hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/324668 | US Government Resource |
http://www.kb.cert.org/vuls/id/324668 | US Government Resource |
Configurations
History
21 Nov 2024, 01:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/324668 - US Government Resource |
Information
Published : 2013-06-14 13:07
Updated : 2024-11-21 01:53
NVD link : CVE-2013-3575
Mitre link : CVE-2013-3575
CVE.ORG link : CVE-2013-3575
JSON object : View
Products Affected
hp
- insight_diagnostics
CWE
CWE-20
Improper Input Validation