{"id":"PYSEC-2009-11","details":"The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.","aliases":["CVE-2008-6548","GHSA-jhxw-4hw4-mhh7"],"modified":"2025-10-09T05:15:58.251194Z","published":"2009-03-30T01:30:00Z","references":[{"type":"ADVISORY","url":"http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546"},{"type":"WEB","url":"http://osvdb.org/48877"},{"type":"ADVISORY","url":"http://moinmo.in/SecurityFixes"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.4","1.8.5","1.8.6","1.8.7","1.9.0","1.9.1","1.9.10","1.9.11","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","1.9.9","2.0.0a1","2.0.0b1","2.0.0b2","2.0.0b3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2009-11.yaml"}}],"schema_version":"1.7.3"}