CVE-2016-1607

HIGH

Novell Filr < 2.0 - Cross-Site Request Forgery via Administrative Interface

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1607. PoCs published by SEC Consult.

AI-analyzed exploit summary This is a detailed security advisory from SEC Consult describing multiple vulnerabilities in Micro Focus Filr, including CSRF, OS command injection, XSS, and authentication bypass. It includes proof-of-concept code for exploiting these vulnerabilities.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.

Exploits (1)

exploitdb WRITEUP VERIFIED
by SEC Consult · textwebappsjava
https://www.exploit-db.com/exploits/40161

This is a detailed security advisory from SEC Consult describing multiple vulnerabilities in Micro Focus Filr, including CSRF, OS command injection, XSS, and authentication bypass. It includes proof-of-concept code for exploiting these vulnerabilities.

Classification
Writeup 100%
Attack Type
Rce, Xss, Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Micro Focus Filr 2 <=2.0.0.421, Filr 1.2 <= 1.2.0.846
No auth needed
Prerequisites: Network access to the target system · For some exploits, an authenticated session
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40161/
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2016/Jul/119
Various Sources x_refsource_confirm
https://download.novell.com/Download?buildid=3V-3ArYN85I~
Vendor Advisory x_refsource_confirm
https://www.novell.com/support/kb/doc.php?id=7017786
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92113

Scores

CVSS v3 7.2
EPSS 0.0338
EPSS Percentile 87.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
novell/filr < 1.2
novell/filr < 2.0
Published Aug 01, 2016
Tracked Since Feb 18, 2026