CVE-2016-6255 in libupnpinfo

Summary

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

07/20/2016

Disclosure

03/07/2017

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-284 (Confirmed)

Exploit

Download

CVSS

7.4

EPSS

0.54085

CTI

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6255
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6255
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6255/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!