6.4
CVE-2012-6080
- EPSS 4.02%
- Veröffentlicht 03.01.2013 01:55:04
- Zuletzt bearbeitet 16.06.2026 23:47:47
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.02% | 0.892 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://moinmo.in/SecurityFixes
http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
http://secunia.com/advisories/51663
http://secunia.com/advisories/51676
http://secunia.com/advisories/51696
http://ubuntu.com/usn/usn-1680-1
http://www.debian.org/security/2012/dsa-2593
http://www.openwall.com/lists/oss-security/2012/12/30/6
http://www.securityfocus.com/bid/57076
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599