CVE-2009-4896

Name: CVE-2009-4896
Description: Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References: DSA-2073-1
Debian Bugs: 588038

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| mlmmj (PTS) | buster | 1.3.0-3 | fixed |
| mlmmj (PTS) | bookworm, sid, bullseye | 1.3.0-4 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mlmmj | source | lenny | 1.2.15-1.1+lenny1 | | DSA-2073-1 | |
| mlmmj | source | (unstable) | 1.2.17-1.1 | | | 588038 |
