CVE-2011-4166

HP Managed Printing Administration <2.6.4 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/27013

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Andrea Micalizzi, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_mpa_job_acct.rb

View Code ZIP pw:eip

References (2)

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-11-352/

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469

Scores

EPSS 0.6347

EPSS Percentile 98.4%

Details

CWE

CWE-22

Status published

Products (1)

hp/managed_printing_administration < 2.6.3

Published Dec 27, 2011

Tracked Since Feb 18, 2026