CVE-2009-4896 Information
Description
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.
Reference
http://bugs.gentoo.org/show_bug.cgi?id=259968
http://mlmmj.org/node/84
http://secunia.com/advisories/40658
http://www.debian.org/security/2010/dsa-2073
http://www.openwall.com/lists/oss-security/2010/06/23/5
http://www.openwall.com/lists/oss-security/2010/06/23/6
http://www.openwall.com/lists/oss-security/2010/06/25/2
http://www.openwall.com/lists/oss-security/2010/06/26/1
http://www.openwall.com/lists/oss-security/2010/07/04/4
http://www.openwall.com/lists/oss-security/2010/07/06/1
https://bugzilla.redhat.com/show_bug.cgi?id=607256