Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
Published 2013-01-03 01:55:04
Updated 2013-12-13 05:08:52
Source Red Hat, Inc.
Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2012-6081

EPSS score: 95.47% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2012-6081

  • MoinMoin twikidraw Action Traversal File Upload
    Disclosure Date: 2012-12-30
    First seen: 2020-04-26
    exploit/unix/webapp/moinmoin_twikidraw
    This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. Exploitation is achieved on Apache/mod_wsgi configurations by overwritin

CVSS scores for CVE-2012-6081

Base Score: 6.0
Base Severity: MEDIUM
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Exploitability Score: 6.8
Impact Score: 6.4
Score Source: NIST
