⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2012-6081Unrestricted File Upload in Moinmoin

CWE-434Unrestricted File UploadCWE-22Path Traversal17 documents8 sources
Severity
6.0MEDIUMNVD
EPSS
73.6%
top 1.18%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Moinmo Moinmoin
Timeline
PublishedJan 3
Latest updateMay 17

Description

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

NVDmoinmo/moinmoin1.9.5+57

Patches

Patch: hg.moinmo.inPatch: hg.moinmo.in

🔴Vulnerability Details

7
OSV
MoinMoin Multiple vulnerable to directory traversal2022-05-17
GHSA
MoinMoin Multiple unrestricted file upload vulnerabilities2022-05-17
GHSA
MoinMoin Multiple vulnerable to directory traversal2022-05-17
OSV
MoinMoin Multiple unrestricted file upload vulnerabilities2022-05-17
OSV
CVE-2012-6081: Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw2013-01-03

💥Exploits & PoCs

3
Exploit-DB
MoinMoin - twikidraw Action Traversal Arbitrary File Upload (Metasploit)2013-06-24
Exploit-DB
MoinMoin - Arbitrary Command Execution2013-05-08
Metasploit
MoinMoin twikidraw Action Traversal File Upload

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload2013-06-28

💬Community

4
Bugzilla
CVE-2012-6495 moin: Multiple directory traversal flaws in twikidraw and anywikidraw2013-01-03
Bugzilla
CVE-2012-6081 moinmoin: remote code execution vulnerability2012-12-31
Bugzilla
CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [epel-5]2012-12-31
Bugzilla
CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [fedora-all]2012-12-31
CVE-2012-6081 — Unrestricted File Upload in Moinmoin | cvebase