CVE-2009-4896
mlmmj 1.2.15-1.2.17 - Authenticated Path Traversal and Arbitrary File Manipulation via List Name Parameter
Title source: llmDescription
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.
References (11)
Core 11
Core References
Various Sources x_refsource_confirm
http://mlmmj.org/node/84
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/06/26/1
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=259968
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/06/25/2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40658
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/06/23/5
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=607256
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/07/06/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/06/23/6
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/07/04/4
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-2073
Scores
EPSS
0.0181
EPSS Percentile
75.9%
Details
CWE
CWE-22
Status
published
Products (3)
mlmmj/mlmmj
1.2.15
mlmmj/mlmmj
1.2.16
mlmmj/mlmmj
1.2.17
Published
Aug 02, 2010
Tracked Since
Feb 18, 2026