PYSEC-2013-7

2013-01-03T01:55:00
ID OSV:PYSEC-2013-7
Type osv
Reporter Google
Modified 2021-07-05T00:01:23

Description

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.