CVE-2008-0782
Published 2008-02-14
CVE-2008-0782: Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID…
Priority: P3 · 36 · medium · CVSS 2.0 score 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 14.79% (96.3th percentile)
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
Affected
26 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmoin | moinmoin | — | — |
CVSS provenance
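| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | | 5.0 | MEDIUM | |
| vendor_ubuntu | | 4.3 | MEDIUM | |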
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2009-01-30·CVSS 4.3
CVE-2008-1098 [MEDIUM] MoinMoin vulnerabilities
Fernando Quintero discovered that MoinMoin did not properly sanitize its
input when processing login requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential data,
within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-0780)
Fernando Quintero discovered that MoinMoin did not properly sanitize its input
when attaching files, resulting in cross-site scripting vulnerabilities. This
issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0781)
It was discovered that MoinMoin did n
Red Hat
moin: file overwrite via crafted cookie
vendor_redhat·2008-01-20·CVSS 5.0
CVE-2008-0782 [MEDIUM] moin: file overwrite via crafted cookie
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
OSV
MoinMoin Directory traversal vulnerability
osv·2022-05-01
CVE-2008-0782 [MEDIUM] MoinMoin Directory traversal vulnerability
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a `..` (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. The issue has been fixed on [e69a16b6e630](http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630).
GHSA
MoinMoin Directory traversal vulnerability
ghsa·2022-05-01
CVE-2008-0782 [MEDIUM] CWE-22 MoinMoin Directory traversal vulnerability
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a `..` (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. The issue has been fixed on [e69a16b6e630](http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630).
No detection rules found.
http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630
http://secunia.com/advisories/29010
http://secunia.com/advisories/29262
http://secunia.com/advisories/29444
http://secunia.com/advisories/33755
http://www.attrition.org/pipermail/vim/2008-January/001890.html
http://www.debian.org/security/2008/dsa-1514
http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml
http://www.securityfocus.com/bid/27404
http://www.vupen.com/english/advisories/2008/0569/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/39837
https://usn.ubuntu.com/716-1/
https://www.exploit-db.com/exploits/4957