MoinMoin Wiki (remote code execution vulnerability) | BOT24

MoinMoin Wiki (remote code execution vulnerability)

There is a remote code execution vulnerability in MoinMoin wiki,
versions 1.9.x up to (and including) 1.9.5. The method save in class
AnyWikiDraw (action/ and class TWikiDraw
(action/ do not filter user supplied input correctly, which
leads to a path traversal vulnerability, which can be exploited to
execute arbitrary code with moin's privileges. An exploit was seen in the wild.

Details can be found at:

A fix is available at:

kind regards,
Tilmann Haak

//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
Share on Google Plus

About Bradley Susser

    Blogger Comment
    Facebook Comment


Post a Comment