source: https://www.securityfocus.com/bid/9971/info
HP Web Jetadmin is prone to an issue which may permit remote users to upload arbitrary files to the management server.
This issue exists in the printer firmware update script. Given the ability to place arbitrary files on the server to an attacker-specified location, it may be possible to execute arbitrary code, though this will require exploitation of other known vulnerabilities, such as BID 9972 "HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability".
Authentication, if it has been enabled, would be required to exploit this issue.
This issue was reported in HP Web Jetadmin version 7.5.2546 on a Windows platform. Other versions may be similarly affected.
https://www.example.com:8443/plugins/hpjwja/script/devices_update_printer_fw_upload.hts