CVE-2020-25074
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-25074
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25074.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-25074
- Aliases
- Downstream
- Related
- Published
- 2020-11-10T17:15:12.907Z
- Modified
- 2025-11-20T11:21:46.034253Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
- References
Affected packages
Git / github.com/moinwiki/moin-1.9
Affected ranges
- Type
- GIT
- Repo
- https://github.com/moinwiki/moin-1.9
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.5.0
1.5.0beta1
1.5.0beta2
1.5.0beta3
1.5.0beta4
1.5.0beta5
1.5.0beta6
1.5.0rc1
1.5.1
1.5.2
1.5.2rc1
1.5.3
1.5.3-rc1
1.5.3-rc2
1.6a
1.7.0
1.7.0beta1
1.7.0beta2
1.7.0rc1
1.7.0rc2
1.7.0rc3
1.7.1
1.7.2
1.7.3
1.8.0
1.8.0beta1
1.8.0beta2
1.8.0beta3
1.8.0rc1
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.9.0
1.9.0beta1
1.9.0beta2
1.9.0beta3
1.9.0beta4
1.9.0rc1
1.9.0rc2
1.9.1
1.9.10
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
Other
SOC2006-START
SOC2007-START
SOC2008-END
SOC2008-START