oss-sec mailing list archives

Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)

From: Thomas Waldmann <tw () waldmann-edv de>
Date: Sun, 12 May 2013 17:30:30 +0200

The section 0x06 of http://www.exploit-db.com/papers/25306/ mention a 
exploit for moinmoin, which looks connected with this vulnerability 
http://www.securityfocus.com/bid/59728
Can you please assign a CVE to it?


This is old news (and even the exploit code was out there before this
"publication", one just needed google to find it on some pastebins).
Back in December, CVE-2012-6081 was assigned for that and we fixed it
with the release of MoinMoin 1.9.6, see: https://moinmo.in/SecurityFixes

Current thread:

CVE request: MoinMoin Wiki (remote code execution vulnerability) Luciano Bello (May 12)
- <Possible follow-ups>
- CVE request: MoinMoin Wiki (remote code execution vulnerability) Luciano Bello (May 12)
  - Re: CVE request: MoinMoin Wiki (remote code execution vulnerability) Thomas Waldmann (May 12)