CVE-2013-3576

HP System Management Homepage - OS Command Injection

Title source: rule

Description

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/26420

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Markus Wulftange, sinn3r · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/hp_sys_mgmt_exec.rb

View Code ZIP pw:eip

References (2)

[Mailing List] http://marc.info/?l=bugtraq&m=137952496405683&w=2

[Exploit, US Government Resource] http://www.kb.cert.org/vuls/id/735364

Scores

EPSS 0.4632

EPSS Percentile 97.7%

Details

CWE

CWE-78

Status published

Products (1)

hp/system_management_homepage

Published Jun 14, 2013

Tracked Since Feb 18, 2026