Unrated severityNVD Advisory· Published Aug 2, 2010· Updated Apr 29, 2026

CVE-2009-4896

Description

Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.

Affected products

Mlmmj/Mlmmj3 versions
cpe:2.3:a:mlmmj:mlmmj:1.2.15:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mlmmj:mlmmj:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:mlmmj:mlmmj:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:mlmmj:mlmmj:1.2.17:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2010/06/26/1nvdPatch
secunia.com/advisories/40658nvdVendor Advisory
bugs.gentoo.org/show_bug.cginvd
mlmmj.org/node/84nvd
www.debian.org/security/2010/dsa-2073nvd
www.openwall.com/lists/oss-security/2010/06/23/5nvd
www.openwall.com/lists/oss-security/2010/06/23/6nvd
www.openwall.com/lists/oss-security/2010/06/25/2nvd
www.openwall.com/lists/oss-security/2010/07/04/4nvd
www.openwall.com/lists/oss-security/2010/07/06/1nvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000