Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-6495 — Path Traversal in Moinmoin

CWE-22 — Path Traversal9 documents5 sources

Severity

6.0MEDIUMNVD

EPSS

9.9%

top 6.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Moinmo Moinmoin

Timeline

PublishedJan 3

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

▶NVDmoinmo/moinmoin1.9.5+57

Patches

Patch: hg.moinmo.in ↗Patch: hg.moinmo.in ↗

🔴Vulnerability Details

OSV

MoinMoin Multiple vulnerable to directory traversal↗2022-05-17

▶

GHSA

MoinMoin Multiple vulnerable to directory traversal↗2022-05-17

▶

OSV

CVE-2012-6495: Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw↗2013-01-03

▶

💥Exploits & PoCs

Exploit-DB

MoinMoin - twikidraw Action Traversal Arbitrary File Upload (Metasploit)↗2013-06-24

▶

Exploit-DB

MoinMoin - Arbitrary Command Execution↗2013-05-08

▶

💬Community

Bugzilla

CVE-2012-6495 moin: Multiple directory traversal flaws in twikidraw and anywikidraw↗2013-01-03

▶

Bugzilla

CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [epel-5]↗2012-12-31

▶

Bugzilla

CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [fedora-all]↗2012-12-31

▶