CVE-2016-6601

HIGH NUCLEI

ZOHO WebNMS Framework <5.2-5.2 SP1 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

Exploits (2)

exploitdb WRITEUP
by Pedro Ribeiro · textwebappsjsp
https://www.exploit-db.com/exploits/40229
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/webnms_file_download.rb

Nuclei Templates (1)

ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
HIGHby 0x_Akoko

References (10)

Scores

CVSS v3 7.5
EPSS 0.9278
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
zohocorp/webnms_framework 5.2 (2 CPE variants)
Published Jan 23, 2017
Tracked Since Feb 18, 2026