KEVIntel
PRO Back to KEVs
6.0
CVSS
Medium

CVE-2012-6081

PUBLISHED

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in...

Not yet in CISA KEV

Exploited in the wild PoC available Remote
Vendor
MoinMoin
Product
MoinMoin
Published
Jan 03, 2013
EPSS

Automate This Intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.

metasploit

CVSS Scores

CVSS v2.0 6.0 Medium

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitation Status

Exploited in the wild

Recorded 2013-01-03 01:00:00 UTC · CVE

Proof of concept available

Recorded 2025-04-28 15:02:33 UTC

References

Known Exploited Vulnerability Sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2013-01-03 01:00 UTC

Scanner Integrations

Scanner Reference Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/moinmoin_twikidraw.rb Apr 28, 2025

Potential Proof of Concepts

These PoCs are unverified and could contain malware. Use at your own risk.

moinmoin_twikidraw

metasploit · Created Unknown

Metasploit module for CVE-2012-6081

Timeline

  • Detected by Metasploit

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • CVE Published to Public

  • CVE ID Reserved