CVE-2016-6255

Published: Mar 7, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20160720 Re: libupnp write files via POST

mailing-list

x_refsource_MLIST

https://twitter.com/mjg59/status/755062278513319936

x_refsource_MISC

https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd

x_refsource_MISC

https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog

x_refsource_CONFIRM

GLSA-201701-52

vendor-advisory

x_refsource_GENTOO

40589

exploit

x_refsource_EXPLOIT-DB

https://www.tenable.com/security/research/tra-2017-10

x_refsource_MISC

[oss-security] 20160718 libupnp write files via POST

mailing-list

x_refsource_MLIST

DSA-3736

vendor-advisory

x_refsource_DEBIAN

92050

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-6255

Description

Affected Products

References