CVE-2010-1238
Published 2010-04-05
CVE-2010-1238: MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty…
Priority: P4 · 27 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 1.98% (78.0th percentile)
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
CVSS provenance
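| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 3.5 | LOW | — |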
VulDB
MoinMo MoinMoin 1.7.1 access control (Nessus ID 45396 / ID 195079)
vuldb·2026-05-05·CVSS 5.0
CVE-2010-1238 [MEDIUM] MoinMo MoinMoin 1.7.1 access control (Nessus ID 45396 / ID 195079)
A vulnerability was found in MoinMo MoinMoin 1.7.1. It has been rated as problematic. This affects an unknown function. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2010-1238. The attack is possible to be carried out remotely. No exploit exists.
GHSA
GHSA-qwwp-27qm-g533: MoinMoin 1
ghsa_unreviewed·2022-05-02
CVE-2010-1238 [MEDIUM] GHSA-qwwp-27qm-g533: MoinMoin 1
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
OSV
CVE-2010-1238: MoinMoin 1
osv·2010-04-05·CVSS 5.0
CVE-2010-1238 [MEDIUM] CVE-2010-1238: MoinMoin 1
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2010-04-08·CVSS 3.5
CVE-2010-0828 [LOW] MoinMoin vulnerabilities
Title: MoinMoin vulnerabilities
Summary: MoinMoin vulnerabilities
It was discovered that MoinMoin did not properly sanitize its input when
processing Despam actions, resulting in cross-site scripting (XSS)
vulnerabilities. If a privileged wiki user were tricked into performing
the Despam action on a page with a crafted title, a remote attacker could
exploit this to execute JavaScript code. (CVE-2010-0828)
It was discovered that the TextCha protection in MoinMoin could be bypassed
by submitting a crafted form request. This issue only affected Ubuntu 8.10.
(CVE-2010-1238)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-1238 MoinMoin textcha bypass flaw [fedora-all]
bugzilla·2010-04-07·CVSS 5.0
CVE-2010-1238 [MEDIUM] CVE-2010-1238 MoinMoin textcha bypass flaw [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=580100
Please note: this issue affects multiple supported version
Bugzilla
CVE-2010-1238 MoinMoin textcha bypass flaw
bugzilla·2010-04-07·CVSS 5.0
CVE-2010-1238 [MEDIUM] CVE-2010-1238 MoinMoin textcha bypass flaw
Name: CVE-2010-1238
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20100405
Category:
Reference: DEBIAN:DSA-2024
Reference: URL:http://www.debian.org/security/2010/dsa-2024
MoinMoin 1.7.1 allows remote attackers to bypass the textcha
protection mechanism by modifying the textcha-question and
textcha-answer fields to have empty values.
Upstream fix:
http://hg.moinmo.in/moin/1.7/rev/a952d07dea69
Discussion:
This doesn't affect the Fedora packages. The fix has been made over one and a half years ago and has since made its way into the 1.8 and 1.9 releases, which are currently in Fedora 11 - 13. It seems the only reason this vulnerability got a CVE
http://secunia.com/advisories/39284
http://www.debian.org/security/2010/dsa-2024
http://www.ubuntu.com/usn/USN-925-1
http://www.vupen.com/english/advisories/2010/0831
2010-04-05
Published