CVE-2012-6080

Published: Jan 3, 2013Modified: Apr 29, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.

Affected (3)

Products: Moinmo: Moinmoin

Moinmo

1 product

Moinmoin

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Moinmo Moinmoin	Version 1.9.3
Moinmo Moinmoin	Version 1.9.4
Moinmo Moinmoin	Version 1.9.5

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (20)

http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52

Source: secalert@redhat.com

Patch

http://moinmo.in/SecurityFixes

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/51663

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/51676

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/51696

Source: secalert@redhat.com

Vendor Advisory

http://ubuntu.com/usn/usn-1680-1

Source: secalert@redhat.com

http://www.debian.org/security/2012/dsa-2593

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/12/30/6

Source: secalert@redhat.com

http://www.securityfocus.com/bid/57076

Source: secalert@redhat.com

https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599

Source: secalert@redhat.com

http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52