CVE-2013-3575

HP Insight Diagnostics 9.4.0.4710 - Remote File Inclusion via path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3575. PoCs published by Markus Wulftange.

AI-analyzed exploit summary The provided text describes a local file include vulnerability in HP Insight Diagnostics 9.4.0.4710, allowing arbitrary local script execution and information disclosure due to insufficient input validation. No actual exploit code is present, only a vulnerability description and example URL.

Description

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Markus Wulftange · textwebappsphp

https://www.exploit-db.com/exploits/38563

View Code ZIP pw:eip

The provided text describes a local file include vulnerability in HP Insight Diagnostics 9.4.0.4710, allowing arbitrary local script execution and information disclosure due to insufficient input validation. No actual exploit code is present, only a vulnerability description and example URL.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: HP Insight Diagnostics 9.4.0.4710

No auth needed

Prerequisites: Network access to the vulnerable application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/324668

Scores

EPSS 0.0384

EPSS Percentile 88.8%

Details

CWE

CWE-20

Status published

Products (1)

hp/insight_diagnostics 9.4.0.4710

Published Jun 14, 2013

Tracked Since Feb 18, 2026