CVE-2022-40319 Information

Description

The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim’s LISTSERV account.

Reference

https://packetstormsecurity.com/2301-exploits/listserv17-idor.txt https://peach.ease.lsoft.com/scripts/wa-PEACH.exe?A0=LSTSRV-L