The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
                
            References
                    | Link | Resource | 
|---|---|
| http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 | Broken Link Vendor Advisory | 
| http://moinmo.in/SecurityFixes | Release Notes Vendor Advisory | 
| http://osvdb.org/48877 | Broken Link | 
| http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 | Broken Link Vendor Advisory | 
| http://moinmo.in/SecurityFixes | Release Notes Vendor Advisory | 
| http://osvdb.org/48877 | Broken Link | 
Configurations
                    History
                    No history.
Information
                Published : 2009-03-30 01:30
Updated : 2025-04-09 00:30
NVD link : CVE-2008-6548
Mitre link : CVE-2008-6548
CVE.ORG link : CVE-2008-6548
JSON object : View
Products Affected
                moinmo
- moinmoin
CWE
                
                    
                        
                        CWE-862
                        
            Missing Authorization
