MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities
Description
MoinMoin versions prior to 1.9.6 contain unrestricted file upload vulnerabilities in the twikidraw and anywikidraw actions. Authenticated users with write permissions can upload files with executable extensions (such as .py, .php, or .sh) through these drawing plugin actions. Once the files are uploaded, attackers can request them directly over HTTP, causing the server to execute the malicious code. This vulnerability was actively exploited in the wild during July 2012.
Remediation
Immediately upgrade MoinMoin to version 1.9.6 or later, which addresses this vulnerability by implementing proper file upload restrictions.
Remediation Steps:
1. Back up your current MoinMoin installation and all wiki data
2. Download MoinMoin version 1.9.6 or later from the official repository
3. Follow the upgrade instructions in the MoinMoin documentation
4. After upgrading, review server logs for any suspicious file uploads or access patterns between the initial deployment and the upgrade
5. Inspect the wiki's data directory for any unauthorized executable files (particularly in directories used by twikidraw and anywikidraw actions)
6. Remove any suspicious files discovered during the audit
7. Consider implementing additional security controls such as web application firewalls and file upload scanning
If immediate upgrading is not possible, temporarily disable the twikidraw and anywikidraw actions by removing or renaming the action/twikidraw.py and action/anywikidraw.py files until the upgrade can be completed.
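One way to carry out the audit in step 5, as an added example that is not part of the original advisory or of MoinMoin itself. The function name, the reason labels and the sample tree layout are assumptions made for illustration; the extension list comes from the description above, and the check also covers double extensions, the executable bit and a `#!` first line.

```python
import os
import stat
import tempfile

# Extensions named in the advisory; extend to match your server's handlers.
EXEC_EXTENSIONS = {"py", "php", "sh"}

def audit_data_dir(data_dir, since=0.0):
    """Return {relative_path: [reasons]} for suspicious regular files.

    since: epoch seconds; files last modified before it are skipped.
    """
    findings = {}
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode) or st.st_mtime < since:
                continue
            reasons = []
            # Check every suffix, so "x.php.txt" is caught as well as "x.php".
            if EXEC_EXTENSIONS & set(name.lower().split(".")[1:]):
                reasons.append("extension")
            if st.st_mode & 0o111:
                reasons.append("exec-bit")
            with open(path, "rb") as fh:
                if fh.read(2) == b"#!":
                    reasons.append("shebang")
            if reasons:
                findings[os.path.relpath(path, data_dir)] = reasons
    return findings

def build_constructed_tree(root):
    """Create a small constructed sample tree (layout is illustrative only)."""
    att = os.path.join(root, "pages", "Demo", "attachments")
    os.makedirs(att)
    samples = {"diagram.png": b"\x89PNG", "notes.txt": b"hello",
               "upload.php": b"<?php ?>", "helper": b"#!/bin/sh\n"}
    for name, body in samples.items():
        with open(os.path.join(att, name), "wb") as fh:
            fh.write(body)
    os.chmod(os.path.join(att, "helper"), 0o755)
    return att

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for rel, reasons in sorted(audit_data_dir(tmp).items()):
            print(rel, ",".join(reasons))
```

Expect some legitimate hits, such as the wiki's own plugin modules, and compare each one against a known-good copy before removing anything. Passing the timestamp of the initial deployment as `since` narrows the report to the window named in step 4.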