Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6600 β€” Path Traversal in Webnms Framework

CWE-22 β€” Path Traversal4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
90.6%
top 0.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Zohocorp Webnms Framework
Timeline
PublishedJan 23
Latest updateMay 14

Description

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-cmmq-h42r-ggfh: Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5β†—2022-05-14
β–Ά
CVEList
CVE-2016-6600: Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5β†—2017-01-23
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities↗2016-08-10
β–Ά
CVE-2016-6600 β€” Path Traversal in Webnms Framework | cvebase