MoinMoin Wiki (path traversal vulnerability) | BOT24

MoinMoin Wiki (path traversal vulnerability)


There is a path traversal issue in MoinMoin wiki (version 1.9.3 -
1.9.5). The vulnerability resides in the AttachFile action (function
_do_attachment_move in action/AttachFile.py). It fails to properly
sanitize file names.

Details can be found at: http://moinmo.in/SecurityFixes

A fix is available at: http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52



kind regards,
Tilmann Haak
Email: tilmann@larpwiki.de



//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information

Share on Google Plus

About Bradley Susser

    Blogger Comment
    Facebook Comment

0 comments :

Post a Comment