Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 up to and including 1.9.5 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in a file name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moinmo moinmoin 1.9.3 |
||
moinmo moinmoin 1.9.4 |
||
moinmo moinmoin 1.9.5 |