CVE-2013-3576

HP System Management Homepage - Authenticated OS Command Injection via PATH_INFO to smhutil/snmpchp.php.en

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-3576. PoCs published by Metasploit, Markus Wulftange, sinn3r, including Metasploit module exploits/multi/http/hp_sys_mgmt_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in HP System Management Homepage by manipulating the 'tempfilename' variable in the JustGetSNMPQueue function, leading to arbitrary code execution under the SYSTEM context.

Description

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/26420

This Metasploit module exploits a command injection vulnerability in HP System Management Homepage by manipulating the 'tempfilename' variable in the JustGetSNMPQueue function, leading to arbitrary code execution under the SYSTEM context.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP System Management Homepage
No auth needed
Prerequisites: TFTP command enabled on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Markus Wulftange, sinn3r · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/hp_sys_mgmt_exec.rb

This Metasploit module exploits a command injection vulnerability in HP System Management Homepage by manipulating the 'tempfilename' variable in the JustGetSNMPQueue function, leading to remote code execution via a crafted HTTP request.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP System Management Homepage (versions affected by CVE-2013-3576)
No auth needed
Prerequisites: Network access to the target system · HP System Management Homepage service running on port 2381
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=137952496405683&w=2
Exploit, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/735364

Scores

EPSS 0.6659
EPSS Percentile 99.2%

Details

CWE
CWE-78
Status published
Products (1)
hp/system_management_homepage
Published Jun 14, 2013
Tracked Since Feb 18, 2026