CVE-2011-4166

HP Managed Printing Administration <2.6.4 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-4166. PoCs published by Metasploit, Andrea Micalizzi, juan vazquez, including Metasploit module exploits/windows/http/hp_mpa_job_acct.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file upload vulnerability in HP Managed Printing Administration 2.6.3 via directory traversal and null byte injection in the MPAUploader.Uploader.1 control. It uploads a malicious ASP file to achieve remote command execution.

Description

Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/27013

This Metasploit module exploits an arbitrary file upload vulnerability in HP Managed Printing Administration 2.6.3 via directory traversal and null byte injection in the MPAUploader.Uploader.1 control. It uploads a malicious ASP file to achieve remote command execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: HP Managed Printing Administration 2.6.3
No auth needed
Prerequisites: A writable and web-accessible directory under the context of Internet Guest Account (IUSR_*) or Everyone · Target must be running HP Managed Printing Administration 2.6.3 or earlier
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
by Andrea Micalizzi, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_mpa_job_acct.rb

This Metasploit module exploits an arbitrary file upload vulnerability in HP Managed Printing Administration 2.6.3 and prior versions via directory traversal and null byte injection in the UploadFiles() function. It achieves remote command execution by uploading a malicious ASP file containing a Base64-encoded executable payload.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: HP Managed Printing Administration <= 2.6.3
No auth needed
Prerequisites: A writable and web-accessible directory under the context of Internet Guest Account (IUSR_*) or Everyone · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-352/

Scores

EPSS: 0.6261
EPSS Percentile: 99.1%

Details

CWE: CWE-22
Status: published
Products (1): hp/managed_printing_administration < 2.6.3
Published: Dec 27, 2011
Tracked Since: Feb 18, 2026