CVE-2016-6600

CRITICAL

ZOHO WebNMS Framework <5.2-5.2 SP1 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-6600. PoCs published by Pedro Ribeiro, including Metasploit module exploits/multi/http/webnms_file_upload.

AI-analyzed exploit summary The document describes multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1, including directory traversal leading to RCE, file download via traversal, weak password obfuscation, and user impersonation. CVE-2016-6603 specifically covers user account impersonation via the 'UserName' HTTP header.

Description

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.

Exploits (2)

exploitdb WRITEUP
by Pedro Ribeiro · textwebappsjsp
https://www.exploit-db.com/exploits/40229

The document describes multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1, including directory traversal leading to RCE, file download via traversal, weak password obfuscation, and user impersonation. CVE-2016-6603 specifically covers user account impersonation via the 'UserName' HTTP header.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WebNMS Framework Server 5.2 and 5.2 SP1
No auth needed
Prerequisites: Network access to the WebNMS server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/webnms_file_upload.rb

This Metasploit module exploits an arbitrary file upload vulnerability in WebNMS Framework Server 5.2 via directory traversal in the FileUploadServlet. It uploads a malicious JSP file to achieve remote code execution on Linux or Windows targets.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WebNMS Framework Server 5.2 / 5.2 SP1
No auth needed
Prerequisites: Network access to the WebNMS server on port 9090
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Aug/54
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92402
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40229/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/539159/100/0/threaded
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/2712

Scores

CVSS v3 9.8
EPSS 0.9045
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
zohocorp/webnms_framework 5.2 (2 CPE variants)
Published Jan 23, 2017
Tracked Since Feb 18, 2026