CVE-2012-6080 — Path Traversal in Moinmoin

CWE-22 — Path Traversal8 documents5 sources

Severity

6.4MEDIUMNVD

EPSS

1.5%

top 18.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moinmo Moinmoin

Timeline

PublishedJan 3

Latest updateMay 17

Description

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDmoinmo/moinmoin1.9.3, 1.9.4, 1.9.5+2

Patches

Patch: hg.moinmo.in ↗Patch: hg.moinmo.in ↗

🔴Vulnerability Details

OSV

MoinMoin Directory Traversal vulnerability↗2022-05-17

▶

GHSA

MoinMoin Directory Traversal vulnerability↗2022-05-17

▶

OSV

CVE-2012-6080: Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile↗2013-01-03

▶

💥Exploits & PoCs

Exploit-DB

ESRI ArcGIS for Server - 'where' SQL Injection↗2012-11-09

▶

💬Community

Bugzilla

CVE-2012-6080 moinmoin: Path traversal vulnerability↗2012-12-31

▶

Bugzilla

CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [epel-5]↗2012-12-31

▶

Bugzilla

CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [fedora-all]↗2012-12-31

▶