cve/CVE-2012-10046.md at a1f7af13e63bb8df7e5f4b4213aa3bc22aa59913

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.

POC

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/esva_exec.rb
https://www.exploit-db.com/exploits/20551
https://www.exploit-db.com/exploits/20712
https://www.vulncheck.com/advisories/email-security-virtual-appliance-command-injection

Github

https://github.com/fkie-cad/nvd-json-data-feeds

1.3 KiB Raw Blame History

CVE-2012-10046

Description

POC

Reference

Github

1.3 KiB

Raw Blame History