CVE-2016-6255

Name of the Vulnerable Software and Affected Versions Portable UPnP SDK (aka libupnp) versions prior to 1.6.21

Description The issue allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. This can be achieved by sending a POST request to a specific endpoint, potentially allowing attackers to modify files on the system.

Recommendations For versions prior to 1.6.21, update to version 1.6.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the webroot directory to minimize the risk of exploitation. Avoid using unregistered handlers in POST requests until the issue is resolved.