MoinMoin Multiple unrestricted file upload vulnerabilities
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Sep 26, 2024
Description
Published by the National Vulnerability Database
Jan 3, 2013
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Apr 29, 2024
Last updated
Sep 26, 2024
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (
action/twikidraw.py
) and (2) anywikidraw (action/anywikidraw.py
) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.References