CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
73.5%
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a … (dot dot) in a list name in a (1) edit or (2) save action.
bugs.gentoo.org/show_bug.cgi?id=259968
mlmmj.org/node/84
secunia.com/advisories/40658
www.debian.org/security/2010/dsa-2073
www.openwall.com/lists/oss-security/2010/06/23/5
www.openwall.com/lists/oss-security/2010/06/23/6
www.openwall.com/lists/oss-security/2010/06/25/2
www.openwall.com/lists/oss-security/2010/06/26/1
www.openwall.com/lists/oss-security/2010/07/04/4
www.openwall.com/lists/oss-security/2010/07/06/1
bugzilla.redhat.com/show_bug.cgi?id=607256