CVE-2009-4896

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2009-4896

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-4896.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2009-4896

Downstream

DEBIAN-CVE-2009-4896

DSA-2073-1

Published

2010-08-02T20:40:00Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.

References

http://secunia.com/advisories/40658
http://www.debian.org/security/2010/dsa-2073
http://www.openwall.com/lists/oss-security/2010/06/26/1
https://bugzilla.redhat.com/show_bug.cgi?id=607256
http://bugs.gentoo.org/show_bug.cgi?id=259968
http://mlmmj.org/node/84
http://www.openwall.com/lists/oss-security/2010/06/23/5
http://www.openwall.com/lists/oss-security/2010/06/23/6
http://www.openwall.com/lists/oss-security/2010/06/25/2
http://www.openwall.com/lists/oss-security/2010/07/04/4
http://www.openwall.com/lists/oss-security/2010/07/06/1

CVE-2009-4896

Affected packages