9
CVE-2011-0018
- EPSS 9.73%
- Published 28.01.2011 16:00:02
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
Data is provided by the National Vulnerability Database (NVD)
Openvas ≫ Openvas Manager Version1.0.0
Openvas ≫ Openvas Manager Version1.0.0 Updatebeta1
Openvas ≫ Openvas Manager Version1.0.0 Updatebeta2
Openvas ≫ Openvas Manager Version1.0.0 Updatebeta3
Openvas ≫ Openvas Manager Version1.0.0 Updatebeta4
Openvas ≫ Openvas Manager Version1.0.0 Updatebeta5
Openvas ≫ Openvas Manager Version1.0.0 Updatebeta6
Openvas ≫ Openvas Manager Version1.0.0 Updatebeta7
Openvas ≫ Openvas Manager Version1.0.0 Updaterc1
Openvas ≫ Openvas Manager Version1.0.1
Openvas ≫ Openvas Manager Version1.0.2
Openvas ≫ Openvas Manager Version1.0.3
Openvas ≫ Openvas Manager Version2.0 Updatebeta1
Openvas ≫ Openvas Manager Version2.0 Updatebeta2
Openvas ≫ Openvas Manager Version2.0 Updatebeta3
Openvas ≫ Openvas Manager Version2.0 Updaterc1
Openvas ≫ Openvas Manager Version2.0 Updaterc2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.73% | 0.926 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.