CVE-2009-4896

Name: CVE-2009-4896
Description: Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-2073-1
NVD severity: medium (attack range: remote)
Debian Bugs: 588038

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| mlmmj (PTS) | jessie | 1.2.18.1-1 | fixed |
| | stretch | 1.2.19.0-1 | fixed |
| | sid | 1.3.0-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mlmmj | source | (unstable) | 1.2.17-1.1 | medium | | 588038 |
| mlmmj | source | lenny | 1.2.15-1.1+lenny1 | medium | DSA-2073-1 | |
