CVE-2008-0782: MoinMoin Directory traversal vulnerability

May 1, 2022 (updated May 14, 2024)

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. The issue has been fixed on e69a16b6e630.

References

exchange.xforce.ibmcloud.com/vulnerabilities/39837
github.com/advisories/GHSA-6766-r2rx-mfw9
nvd.nist.gov/vuln/detail/CVE-2008-0782
usn.ubuntu.com/716-1
www.exploit-db.com/exploits/4957

Code Behaviors & Features

Detect and mitigate CVE-2008-0782 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →