CVE-2009-4896
9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
75.1%
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a … (dot dot) in a list name in a (1) edit or (2) save action.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| mlmmj:mlmmj | mlmmj | eq | 1.2.15 |
| mlmmj:mlmmj | mlmmj | eq | 1.2.16 |
| mlmmj:mlmmj | mlmmj | eq | 1.2.17 |
References
bugs.gentoo.org/show_bug.cgi?id=259968
mlmmj.org/node/84
secunia.com/advisories/40658
www.debian.org/security/2010/dsa-2073
www.openwall.com/lists/oss-security/2010/06/23/5
www.openwall.com/lists/oss-security/2010/06/23/6
www.openwall.com/lists/oss-security/2010/06/25/2
www.openwall.com/lists/oss-security/2010/06/26/1
www.openwall.com/lists/oss-security/2010/07/04/4
www.openwall.com/lists/oss-security/2010/07/06/1
bugzilla.redhat.com/show_bug.cgi?id=607256
Related
9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
75.1%