CVE-2009-4896

EUVD-2009-4859
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
mlmmjmlmmj
1.2.15
mlmmjmlmmj
1.2.16
mlmmjmlmmj
1.2.17
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mlmmj
bookworm
1.3.0-4
fixed
bullseye
1.3.0-4
fixed
sid
1.3.0-4
fixed
trixie
1.3.0-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mlmmj
dapper
not-affected
hardy
ignored
jaunty
Fixed 1.2.15-1.1+lenny1build0.9.04.1
released
karmic
Fixed 1.2.15-1.1+lenny1build0.9.10.1
released
lucid
ignored
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://bugs.gentoo.org/show_bug.cgi?id=259968
http://mlmmj.org/node/84
http://secunia.com/advisories/40658
http://www.debian.org/security/2010/dsa-2073
http://www.openwall.com/lists/oss-security/2010/06/23/5
http://www.openwall.com/lists/oss-security/2010/06/23/6
http://www.openwall.com/lists/oss-security/2010/06/25/2
http://www.openwall.com/lists/oss-security/2010/06/26/1
http://www.openwall.com/lists/oss-security/2010/07/04/4
http://www.openwall.com/lists/oss-security/2010/07/06/1
https://bugzilla.redhat.com/show_bug.cgi?id=607256
http://bugs.gentoo.org/show_bug.cgi?id=259968
http://mlmmj.org/node/84
http://secunia.com/advisories/40658
http://www.debian.org/security/2010/dsa-2073
http://www.openwall.com/lists/oss-security/2010/06/23/5
http://www.openwall.com/lists/oss-security/2010/06/23/6
http://www.openwall.com/lists/oss-security/2010/06/25/2
http://www.openwall.com/lists/oss-security/2010/06/26/1
http://www.openwall.com/lists/oss-security/2010/07/04/4
http://www.openwall.com/lists/oss-security/2010/07/06/1
https://bugzilla.redhat.com/show_bug.cgi?id=607256