CVE-2012-6081

EXPLOITED IN THE WILD

MoinMoin < 1.9.6 - Authenticated Remote Code Execution via File Upload

Title source: llm

Exploitation Summary

CVE-2012-6081 has been observed exploited in the wild (reported by VulnCheck KEV and InTheWild.io). EIP tracks 3 public exploits credited to HTP, Unknown and juan vazquez, including the Metasploit module exploits/unix/webapp/moinmoin_twikidraw.

AI-analyzed exploit summary: This Python script exploits CVE-2012-6081, a remote code execution vulnerability in MoinMoin wiki software. It allows an attacker to upload a malicious file to the WikiSandBox page, enabling either a stealth webshell or a backconnect shell depending on the chosen method.

Description

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.

Exploits (3)

exploitdb WORKING POC VERIFIED
by HTP · python · webapps · php
https://www.exploit-db.com/exploits/25304

This Python script exploits CVE-2012-6081, a remote code execution vulnerability in MoinMoin wiki software. It allows an attacker to upload a malicious file to the WikiSandBox page, enabling either a stealth webshell or a backconnect shell depending on the chosen method.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MoinMoin Wiki (versions affected by CVE-2012-6081)
Auth required
Prerequisites: Access to an editable WikiSandBox page · Valid credentials if authorization is required
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC
ruby · remote · linux
https://www.exploit-db.com/exploits/26422

This Metasploit module exploits a directory traversal vulnerability in MoinMoin 1.9.5's twikidraw action to upload arbitrary files, specifically targeting the moin.wsgi file to achieve remote code execution. It includes authentication handling, payload delivery, and a post-exploitation restoration attempt.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MoinMoin 1.9.5
Auth required
Prerequisites: Apache/mod_wsgi configuration · Writable page with edit permissions
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC MANUAL
by Unknown, HTP, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/moinmoin_twikidraw.rb

This Metasploit module exploits a directory traversal vulnerability in MoinMoin 1.9.5 to upload arbitrary files, specifically targeting the moin.wsgi file to achieve remote code execution. It includes functionality to restore the original file post-exploitation.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MoinMoin 1.9.5
Auth required
Prerequisites: Apache/mod_wsgi configuration · Writable page with edit permissions · Optional authentication credentials
devstral-2 · analyzed Feb 16, 2026

References (13)

Various Sources x_refsource_confirm
http://moinmo.in/MoinMoinRelease1.9
Vendor Advisory x_refsource_confirm
http://moinmo.in/SecurityFixes
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51663
Exploit, Patch x_refsource_confirm
http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2593
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57082
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/12/29/6
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51676
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/12/30/4
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51696
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/25304
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1680-1

Scores

EPSS 0.7363
EPSS Percentile 98.8%

Details

VulnCheck KEV 2012-09-22
InTheWild.io 2013-12-13
Status published
Products (36)
moinmo/moinmoin 0.1
moinmo/moinmoin 0.2
moinmo/moinmoin 0.3
moinmo/moinmoin 0.4
moinmo/moinmoin 0.5
moinmo/moinmoin 0.6
moinmo/moinmoin 0.7
moinmo/moinmoin 0.8
moinmo/moinmoin 0.9
moinmo/moinmoin 0.10
... and 26 more
Published Jan 03, 2013
Tracked Since Feb 18, 2026