CVE-2018-16716
CVE-2018-16716
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 8.6%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
02 May 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
Affected products
n/a · n/a