Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6601 — Path Traversal in Webnms Framework

CWE-22 — Path Traversal5 documents5 sources

Severity

7.5HIGHNVD

EPSS

92.8%

top 0.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zohocorp Webnms Framework

Timeline

PublishedJan 23

Latest updateMay 14

Description

Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDzohocorp/webnms_framework5.2

🔴Vulnerability Details

GHSA

GHSA-xh3h-35f7-mgq7: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5↗2022-05-14

▶

CVEList

CVE-2016-6601: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5↗2017-01-23

▶

💥Exploits & PoCs

Exploit-DB

WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities↗2016-08-10

▶

Nuclei

ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion

▶