CVE-2012-6081

Medium

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py)…

redhat·NVD-CWE-Other·Published 2013-01-03

CVSS

6.2

EPSS

0.31

KEV

Exploits

Vendor statements (2)

cve.orgen

420 chars

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.

OSV.deven

420 chars

GHSAen

424 chars

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (`action/twikidraw.py`) and (2) anywikidraw (`action/anywikidraw.py`) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.

NVDes

469 chars

Múltiples subidas de fichero sin restricción en las acciones 1) twikidraw (action/twikidraw.py) y (2) anywikidraw (action/anywikidraw.py) en MoinMoin antes de v1.9.6 permitie a usuarios remotos autenticados con permisos de escritura para ejecutar código arbitrario mediante la carga de un archivo con una extensión ejecutable, y acceder a el a través de una solicitud dirigida directamente al archivo en un directorio especificado, como se explotó en en julio de 2012.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.0	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P
3.1	Secondary	GHSA	6.2	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F
4.0	Secondary	GHSA	5.3	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A