Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5208Improper Input Validation in Hplip

CWE-20Improper Input ValidationCWE-78OS Command Injection11 documents9 sources
Severity
7.6HIGHNVD
EPSS
73.7%
top 1.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Debian HplipHP Linux Imaging AND Printing Project
Timeline
PublishedOct 13
Latest updateMay 1

Description

hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

debiandebian/hplip< hplip 1.6.10-4.3 (bookworm)

Patches

Patch: www.redhat.comPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-qjxj-rc6r-r77w: hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 12022-05-01
OSV
CVE-2007-5208: hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 12007-10-13

💥Exploits & PoCs

2
Exploit-DB
hplip - 'hpssd.py' From Address Arbitrary Command Execution (Metasploit)2010-10-09
Metasploit
HPLIP hpssd.py From Address Arbitrary Command Execution

📋Vendor Advisories

3
Ubuntu
hplip vulnerability2007-10-12
Red Hat
hplip arbitrary command execution2007-10-11
Debian
CVE-2007-5208: hplip - hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x ...2007

💬Community

3
Bugzilla
CVE-2007-5208 hplip arbitrary command execution [F7]2007-10-12
Bugzilla
CVE-2007-5208 hplip arbitrary command execution [FC6]2007-10-12
Bugzilla
CVE-2007-5208 hplip arbitrary command execution2007-10-05