Exploitation Summary
CVE-2018-16716 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
Nuclei Templates (1)
NCBI ToolBox - Directory Traversal
CRITICALby 0x_Akoko
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md
Scores
CVSS v3
9.1
EPSS
0.0857
EPSS Percentile
94.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
nih/ncbi_toolbox
2.0.7 - 2.2.26
Published
May 02, 2019
Tracked Since
Feb 18, 2026