Mlmmj · CVE-2009-4896
**Name of the Vulnerable Software and Affected Versions**
mlmmj versions 1.2.15 through 1.2.17
**Description**
A directory traversal issue in the mlmmj-php-admin web interface allows remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a `..` (dot dot) in a list name in a (1) edit or (2) save action.
**Recommendations**
For versions 1.2.15 through 1.2.17, consider restricting access to the mlmmj-php-admin web interface until a fix is available, and avoid using the edit or save actions with list names containing .. (dot dot) to minimize the risk of exploitation.
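
A list-name check of the kind that blocks this class of bug, written in PHP because the affected interface is PHP. This is an added example, not mlmmj-php-admin's own code or its eventual fix; the function name `resolve_list_dir`, the permitted character set and the demo spool directory are assumptions.

```php
<?php
// Added example: hypothetical helper, not taken from mlmmj-php-admin.

/**
 * Map a user-supplied list name to a directory under $baseDir.
 * Returns the resolved path, or null if the name is malformed,
 * the list does not exist, or the path would leave $baseDir.
 */
function resolve_list_dir(string $baseDir, string $listName): ?string
{
    // Allowlist (assumed naming policy): letters, digits, '_' and '-',
    // with single dots only between such runs. This rejects '/', '\',
    // NUL bytes, leading dots, the empty string and any ".." sequence.
    if (!preg_match('/\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\z/', $listName)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() resolves symlinks too, so a link inside the spool that
    // points elsewhere is caught by the prefix comparison below.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $listName);
    if ($resolved === false || !is_dir($resolved)) {
        return null; // no such list
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the spool directory
    }
    return $resolved;
}

// Constructed demo: a temporary spool directory holding one list.
$spool = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mlmmj-demo-' . getmypid();
mkdir($spool . DIRECTORY_SEPARATOR . 'announce', 0700, true);

foreach (['announce', 'dev.announce', '..', '../etc', 'announce/../..', '.hidden', ''] as $name) {
    $dir = resolve_list_dir($spool, $name);
    printf("%-18s => %s\n", var_export($name, true), $dir === null ? 'rejected' : 'accepted');
}

rmdir($spool . DIRECTORY_SEPARATOR . 'announce');
rmdir($spool);
```

Only `announce` is accepted in the demo: `dev.announce` is well-formed but does not exist, and every other name fails the allowlist before any filesystem call is made.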