CVE-2016-9332

HIGH

Moxa SoftCMS <1.6 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9332. PoCs published by Zhou Yu.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in Moxa SoftCMS 1.5 by sending malformed HTTP GET requests to the AspWebServer, causing it to crash. The PoC includes four payloads extracted from fuzzing crashes.

Description

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition.

Exploits (1)

exploitdb WORKING POC
by Zhou Yu · pythondoswindows
https://www.exploit-db.com/exploits/40779

This exploit demonstrates a denial-of-service vulnerability in Moxa SoftCMS 1.5 by sending malformed HTTP GET requests to the AspWebServer, causing it to crash. The PoC includes four payloads extracted from fuzzing crashes.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Moxa SoftCMS 1.5 or prior versions
No auth needed
Prerequisites: Network access to the target server · AspWebServer running on port 81
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94394
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40779/

Scores

CVSS v3 7.5
EPSS 0.0824
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-399
Status published
Products (2)
moxa/softcms < 1.5
n/a/Moxa SoftCMS prior to Version 1.6 Moxa SoftCMS prior to Version 1.6
Published Feb 13, 2017
Tracked Since Feb 18, 2026