← Voltar para CVEs
CVE-2012-10046
N/ADescricao
The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado8/8/2025
Ultima modificacao8/8/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-78
Referencias
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/esva_exec.rb(disclosure@vulncheck.com)
https://sourceforge.net/projects/esva-project/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/20551(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/20712(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/email-security-virtual-appliance-command-injection(disclosure@vulncheck.com)
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/esva_exec.rb(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.exploit-db.com/exploits/20551(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.exploit-db.com/exploits/20712(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.