The cache action in action/cache.py in MoinMoin up to and including 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
Vulnerable Product |
---|
moinmo moinmoin |
debian debian linux 9.0 |
debian debian linux 10.0 |