Hewlett-Packard IT Executive Scorecard CAP File Upload Directory Traversal Remote Code Execution Vulnerability

ID: ZDI-14-209
Type: zdi
Reporter: Mike Arnold (Bruk0ut)
Modified: 2014-06-22T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard IT Executive Scorecard. Authentication is required to exploit this vulnerability. The specific flaw exists within the Content Acceleration Pack (CAP) web application code: a directory traversal vulnerability in its file upload handling can be leveraged to execute code in the context of the SYSTEM user.