CVE-2009-4896

Name: CVE-2009-4896
Description: Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-2073-1
NVD severity: medium
Debian Bugs: 588038

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| mlmmj (PTS) | stretch | 1.2.19.0-1 | fixed |
| | bullseye, sid, buster | 1.3.0-3 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mlmmj | source | lenny | 1.2.15-1.1+lenny1 | | DSA-2073-1 | |
| mlmmj | source | (unstable) | 1.2.17-1.1 | | | 588038 |
