CVE-2016-6600

CRITICAL

ZOHO WebNMS Framework <5.2-5.2 SP1 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.

Exploits (2)

exploitdb WRITEUP
by Pedro Ribeiro · textwebappsjsp
https://www.exploit-db.com/exploits/40229
metasploit WORKING POC EXCELLENT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/webnms_file_upload.rb

References (8)

Scores

CVSS v3 9.8
EPSS 0.9064
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
zohocorp/webnms_framework 5.2 (2 CPE variants)
Published Jan 23, 2017
Tracked Since Feb 18, 2026