Описание
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:hp:insight_diagnostics:9.4.0.4710:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.23025
Средний
7.8 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
EPSS
Процентиль: 96%
0.23025
Средний
7.8 High
CVSS2
Дефекты
CWE-20