Home

Description

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-13 | Updated 2025-08-14 | Assigner VulnCheck




CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

* before 1.3.2
affected

Credits

Paul Rascagneres finder

References

raw.githubusercontent.com/.../multi/http/snortreport_exec.rb exploit

www.exploit-db.com/exploits/17947 exploit

web.archive.org/....symmetrixtech.com/articles/news-016.html vendor-advisory patch

www.vulncheck.com/advisories/snort-report-rce third-party-advisory

cve.org (CVE-2011-10017)

nvd.nist.gov (CVE-2011-10017)

Download JSON