Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3693: Path Traversal in HP LoadRunner

CWE-22: Path Traversal | 5 documents | 4 sources
Severity
9.3 CRITICAL (NVD)
EPSS
72.6%
top 1.23%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Oct 13
Latest update: May 2

Description

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-r6hj-55cr-38hq: Directory traversal vulnerability in the Persits (2022-05-02)
CVEList
CVE-2009-3693: Directory traversal vulnerability in the Persits (2009-10-13)

💥 Exploits & PoCs (2)

Exploit-DB
Persits XUpload - ActiveX MakeHttpRequest Directory Traversal (Metasploit) (2010-11-11)
Exploit-DB
HP LoadRunner 9.5 - Remote file creation (PoC) (2009-09-29)