Exploit HP Web Jetadmin 7.5.2456 - Printer Firmware Update Script Arbitrary File Upload

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23878
Проверка EDB
  1. Пройдено
Автор
WIREPAIR
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2004-1856
Дата публикации
2004-03-24
Код:
source: https://www.securityfocus.com/bid/9971/info

HP Web Jetadmin is prone to an issue which may permit remote users to upload arbitrary files to the management server. 

This issue exists in the printer firmware update script. Given the ability to place arbitrary files on the server to an attacker-specified location, it may be possible to execute arbitrary code, though this will require exploitation of other known vulnerabilities, such as BID 9972 "HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability".

Authentication, if it has been enabled, would be required to exploit this issue.

This issue was reported in HP Web Jetadmin version 7.5.2546 on a Windows platform. Other versions may be similarly affected.

https://www.example.com:8443/plugins/hpjwja/script/devices_update_printer_fw_upload.hts
 
Источник
www.exploit-db.com

Похожие темы