CVE-2012-6081
MoinMoin - twikidraw Action Traversal Arbitrary File Upload
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
Múltiples subidas de fichero sin restricción en las acciones 1) twikidraw (action/twikidraw.py) y (2) anywikidraw (action/anywikidraw.py) en MoinMoin antes de v1.9.6 permitie a usuarios remotos autenticados con permisos de escritura para ejecutar código arbitrario mediante la carga de un archivo con una extensión ejecutable, y acceder a el a través de una solicitud dirigida directamente al archivo en un directorio especificado, como se explotó en en julio de 2012.
Multiple vulnerabilities have been reported in MoinMoin, the worst of which may allow execution of arbitrary code. Versions less than 1.9.6 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-06 CVE Reserved
- 2013-01-03 CVE Published
- 2013-05-08 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://moinmo.in/MoinMoinRelease1.9 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2012/12/29/6 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/12/30/4 | Mailing List |
|
| http://www.securityfocus.com/bid/57082 | Vdb Entry | |
| https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/122079 | 2013-06-19 | |
| https://www.exploit-db.com/exploits/26422 | 2013-06-24 | |
| https://www.exploit-db.com/exploits/25304 | 2013-05-08 | |
| http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f | 2024-08-06 | |
| http://www.exploit-db.com/exploits/25304 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://moinmo.in/SecurityFixes | 2013-12-13 | |
| http://secunia.com/advisories/51663 | 2013-12-13 | |
| http://secunia.com/advisories/51676 | 2013-12-13 | |
| http://secunia.com/advisories/51696 | 2013-12-13 | |
| http://ubuntu.com/usn/usn-1680-1 | 2013-12-13 | |
| http://www.debian.org/security/2012/dsa-2593 | 2013-12-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | <= 1.9.5 Search vendor "Moinmo" for product "Moinmoin" and version " <= 1.9.5" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.1 Search vendor "Moinmo" for product "Moinmoin" and version "0.1" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.2 Search vendor "Moinmo" for product "Moinmoin" and version "0.2" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.3 Search vendor "Moinmo" for product "Moinmoin" and version "0.3" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.4 Search vendor "Moinmo" for product "Moinmoin" and version "0.4" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.5 Search vendor "Moinmo" for product "Moinmoin" and version "0.5" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.6 Search vendor "Moinmo" for product "Moinmoin" and version "0.6" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.7 Search vendor "Moinmo" for product "Moinmoin" and version "0.7" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.8 Search vendor "Moinmo" for product "Moinmoin" and version "0.8" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.9 Search vendor "Moinmo" for product "Moinmoin" and version "0.9" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.10 Search vendor "Moinmo" for product "Moinmoin" and version "0.10" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 0.11 Search vendor "Moinmo" for product "Moinmoin" and version "0.11" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.0" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.1 Search vendor "Moinmo" for product "Moinmoin" and version "1.1" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.2 Search vendor "Moinmo" for product "Moinmoin" and version "1.2" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.2.1 Search vendor "Moinmo" for product "Moinmoin" and version "1.2.1" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.2.2 Search vendor "Moinmo" for product "Moinmoin" and version "1.2.2" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.2.3 Search vendor "Moinmo" for product "Moinmoin" and version "1.2.3" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.2.4 Search vendor "Moinmo" for product "Moinmoin" and version "1.2.4" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.3.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.3.0" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.3.1 Search vendor "Moinmo" for product "Moinmoin" and version "1.3.1" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.3.2 Search vendor "Moinmo" for product "Moinmoin" and version "1.3.2" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.3.3 Search vendor "Moinmo" for product "Moinmoin" and version "1.3.3" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.3.4 Search vendor "Moinmo" for product "Moinmoin" and version "1.3.4" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.3.5 Search vendor "Moinmo" for product "Moinmoin" and version "1.3.5" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.3.5 Search vendor "Moinmo" for product "Moinmoin" and version "1.3.5" | rc1 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.4 Search vendor "Moinmo" for product "Moinmoin" and version "1.4" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.0" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.0" | beta1 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.0" | beta2 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.0" | beta3 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.0" | beta4 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.0" | beta5 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.0" | beta6 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.0" | rc1 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.1 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.1" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.2 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.2" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.3 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.3" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.3 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.3" | rc1 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.3 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.3" | rc2 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.4 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.4" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.5 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.5" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.5 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.5" | a |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.5 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.5" | rc1 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.5a Search vendor "Moinmo" for product "Moinmoin" and version "1.5.5a" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.6 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.6" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.7 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.7" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.5.8 Search vendor "Moinmo" for product "Moinmoin" and version "1.5.8" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.6.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.6.0" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.6.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.6.0" | beta1 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.6.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.6.0" | beta2 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.6.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.6.0" | rc1 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.6.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.6.0" | rc2 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.6.1 Search vendor "Moinmo" for product "Moinmoin" and version "1.6.1" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.6.2 Search vendor "Moinmo" for product "Moinmoin" and version "1.6.2" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.6.3 Search vendor "Moinmo" for product "Moinmoin" and version "1.6.3" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.6.4 Search vendor "Moinmo" for product "Moinmoin" and version "1.6.4" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.7.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.7.0" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.7.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.7.0" | beta1 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.7.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.7.0" | beta2 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.7.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.7.0" | rc1 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.7.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.7.0" | rc2 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.7.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.7.0" | rc3 |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.7.1 Search vendor "Moinmo" for product "Moinmoin" and version "1.7.1" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.7.2 Search vendor "Moinmo" for product "Moinmoin" and version "1.7.2" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.7.3 Search vendor "Moinmo" for product "Moinmoin" and version "1.7.3" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.8.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.8.0" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.8.1 Search vendor "Moinmo" for product "Moinmoin" and version "1.8.1" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.8.2 Search vendor "Moinmo" for product "Moinmoin" and version "1.8.2" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.8.3 Search vendor "Moinmo" for product "Moinmoin" and version "1.8.3" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.8.4 Search vendor "Moinmo" for product "Moinmoin" and version "1.8.4" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.8.6 Search vendor "Moinmo" for product "Moinmoin" and version "1.8.6" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.8.7 Search vendor "Moinmo" for product "Moinmoin" and version "1.8.7" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.8.8 Search vendor "Moinmo" for product "Moinmoin" and version "1.8.8" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.9.0 Search vendor "Moinmo" for product "Moinmoin" and version "1.9.0" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.9.1 Search vendor "Moinmo" for product "Moinmoin" and version "1.9.1" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.9.2 Search vendor "Moinmo" for product "Moinmoin" and version "1.9.2" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.9.3 Search vendor "Moinmo" for product "Moinmoin" and version "1.9.3" | - |
Affected
| ||||||
| Moinmo Search vendor "Moinmo" | Moinmoin Search vendor "Moinmo" for product "Moinmoin" | 1.9.4 Search vendor "Moinmo" for product "Moinmoin" and version "1.9.4" | - |
Affected
| ||||||