Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6603: Improper Input Validation in WebNMS Framework

Severity: 9.8 CRITICAL (NVD)
EPSS: 70.3% (top 1.31%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Jan 23
Latest update: May 14

Description

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

🔴 Vulnerability Details (2)

GHSA
GHSA-2fmw-vp29-wcgf: ZOHO WebNMS Framework 5 (2022-05-14)
CVEList
CVE-2016-6603: ZOHO WebNMS Framework 5 (2017-01-23)

💥 Exploits & PoCs (1)

Exploit-DB
WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities (2016-08-10)