CVE-2018-16716

CRITICAL NUCLEI

NCBI ToolBox <2.2.26 - Info Disclosure

Title source: llm

Description

A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.

Nuclei Templates (1)

NCBI ToolBox - Directory Traversal
CRITICALby 0x_Akoko

References (1)

Scores

CVSS v3 9.1
EPSS 0.4454
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
nih/ncbi_toolbox 2.0.7 - 2.2.26
Published May 02, 2019
Tracked Since Feb 18, 2026