CVE-2013-3575

Published: Jun 14, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.

Affected (1)

Products: Hp: Insight Diagnostics

1 product

Insight Diagnostics

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Insight Diagnostics	Version 9.4.0.4710

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.kb.cert.org/vuls/id/324668

Source: cret@cert.org

US Government Resource

http://www.kb.cert.org/vuls/id/324668

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.