The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-10T16:48:21
Updated: 2024-08-04T15:26:09.287Z
Reserved: 2020-09-02T00:00:00
Link: CVE-2020-25074
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-11-10T17:15:12.907
Modified: 2020-11-24T17:20:03.260
Link: CVE-2020-25074
Redhat
No data.