Your submission was sent successfully! Close

CVE-2008-0782

Published: 14 February 2008

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.

Priority

Low

Status

Package Release Status
moin
Launchpad, Ubuntu, Debian
dapper
Released (1.5.2-1ubuntu2.4)
edgy Needed
(reached end-of-life)
feisty Needed
(reached end-of-life)
gutsy
Released (1.5.7-3ubuntu2.1)
hardy
Released (1.5.8-5.1ubuntu2.2)
intrepid Not vulnerable

upstream Needed