CVE-2016-6600
🔴 Łataj teraz
Luka w przejściu katalogów w ZOHO WebNMS umożliwia zdalne przesyłanie i wykonywanie plików JSP.
CVSS
9.8
EPSS
90.6%
Exploit
poc
Vendor
zohocorp
Opis źródłowy (NVD)
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
exploit path-traversal
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 90.6% |
| Opublikowano (NVD) | 2017-01-23 21:59:02 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-13 00:24:29 UTC |
Referencje
- http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html (cve@mitre.org) [Exploit, Third Party Advisory]
- http://seclists.org/fulldisclosure/2016/Aug/54 (cve@mitre.org) [Exploit, Mailing List]
- http://www.securityfocus.com/archive/1/539159/100/0/threaded (cve@mitre.org)
- http://www.securityfocus.com/bid/92402 (cve@mitre.org) [Third Party Advisory, VDB Entry]
- https://blogs.securiteam.com/index.php/archives/2712 (cve@mitre.org) [Exploit, Technical Description, Third Party Advisory]
- https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them (cve@mitre.org)
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt (cve@mitre.org) [Exploit]
- https://www.exploit-db.com/exploits/40229/ (cve@mitre.org) [Exploit, Third Party Advisory]