This Metasploit module exploits a vulnerability found in HP Smart Storage Administrator. By supplying a specially crafted HTTP request, it is possible to control the 'command' variable in function isDirectFileAccess (found in ipcelmclient.php), which will be used in a proc_open() function. Versions prior to HP SSA 2.60.18.0 are vulnerable.
2def32fe02d755ad11317dd47474037a1faca567366fe70d7255b7709aebb8ec
HPE Security Bulletin HPESBMU03701 1 - A potential vulnerability has been identified in HPE Smart Storage Administrator. The vulnerability could remotely be exploited to allow execution of arbitrary code. Revision 1 of this advisory.
389f47122d3d84da0c8406651485468f4b6e77a77a96f6b2064f6ed76dcf6148