LISE exploit and patch
Posted: Wed Dec 28, 2022 5:27 pm
A vulnerability that allows a remote attacker to initiate the uninstaller routine for specific LISE instances was discovered today. An update (version 1.4.3) to LISE has been released to patch this, and should be applied immediately to all sites using the LISE module.
The exploit results in the database tables for the instance to be deleted, but all files remain in tact. Recovering the tables in question from a database backup is the remedy. The patch will prevent future, similar exploits but cannot recover any lost data.
The exploit results in the database tables for the instance to be deleted, but all files remain in tact. Recovering the tables in question from a database backup is the remedy. The patch will prevent future, similar exploits but cannot recover any lost data.