Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 9 | all | libupnp | < 1:1.6.19+git20160116-1.2 | libupnp_1:1.6.19+git20160116-1.2_all.deb |