CVE-2011-10017

CVE Database · CVE-2011-10017

CVE-2011-10017

· N/ADeferred

CVSS v3.1

N/A

CVSS v4.0

10.0

EPSS

2.32%

Published

Aug 13, 2025

Modified

Apr 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system.

Weaknesses (CWE)

CWE-78

References (4)

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/snortreport_exec.rb

https://web.archive.org/web/20111003093911/http://www.symmetrixtech.com/articles/news-016.html

https://www.exploit-db.com/exploits/17947

https://www.vulncheck.com/advisories/snort-report-rce

KEV Catalog EPSS Scores Vendors All CVEs