Published: 10/11/2020 Updated: 24/11/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The cache action in action/cache.py in MoinMoin up to and including 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moinmo moinmoin
debian debian linux 9.0
debian debian linux 10.0

Two vulnerabilities were discovered in moin, a Python clone of WikiWiki CVE-2020-15275 Catarina Leite discovered that moin is prone to a stored XSS vulnerability via SVG attachments CVE-2020-25074 Michael Chapman discovered that moin is prone to a remote code execution vulnerability via the cache action For the stable distribut ...

CWE-22 https://www.debian.org/security/2020/dsa-4787 https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq http://moinmo.in/SecurityFixes https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html https://nvd.nist.gov https://www.debian.org/security/2020/dsa-4787

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-25074

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect