cbcvebase.
CVE-2011-10017
published 2025-08-13

Priority: P2 · 71 · critical · 10 (CVSS 4.0)
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 2.32% (81.3th percentile)
Snort Report versions < 1.3.2 contain a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the `target` GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| symmetrix_technologies | snort_report | < 1.3.2 | 1.3.2 |

Detection & IOCs

  • path: /nmap.php
  • path: /nbtscan.php
  • Monitor HTTP GET requests to nmap.php or nbtscan.php containing shell metacharacters (e.g., ;, |, &&, $()) in the 'target' parameter, which is the unsanitized injection point.
  • Exploitation requires no authentication; any unauthenticated request to nmap.php or nbtscan.php with a crafted 'target' parameter should be treated as a high-severity alert.
  • Vulnerability affects Snort Report versions prior to 1.3.2 only; patched installations (>= 1.3.2) are not affected.
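
The monitoring guidance above can be applied to web server access logs. The following is an added example, not part of the original advisory or of Snort Report: it URL-decodes the `target` parameter of GET requests to the two scripts and flags shell metacharacters. The combined log format, the `/snortreport/` path, the wider metacharacter set and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

SCRIPTS = {"nmap.php", "nbtscan.php"}   # scripts named in the advisory
META = re.compile(r"[;|&$`()<>\r\n]")   # assumption: superset of the page's examples
# Assumption: Apache/nginx "combined" access log format.
REQ = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" \d{3}')

def suspicious_target(uri):
    """Return the decoded 'target' value if it holds a metacharacter, else None."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return None
    # Match on the last path segment so any install directory is covered.
    if parts.path.rsplit("/", 1)[-1].lower() not in SCRIPTS:
        return None
    # parse_qsl percent-decodes once, so %3B or %7C cannot hide from the regex.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "target" and META.search(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, path, decoded_target) for each suspicious GET request."""
    alerts = []
    for line in lines:
        m = REQ.match(line)
        if not m or m["method"] != "GET":
            continue
        value = suspicious_target(m["uri"])
        if value is not None:
            alerts.append((m["ip"], urlsplit(m["uri"]).path, value))
    return alerts

# Constructed sample log lines (documentation IP ranges, harmless marker strings).
TS = "[13/Aug/2025:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /snortreport/nmap.php?target=10.0.0.5 HTTP/1.1" 200 812',
    f'198.51.100.7 - - {TS} "GET /snortreport/nmap.php?target=10.0.0.5%3B+echo+marker HTTP/1.1" 200 512',
    f'198.51.100.7 - - {TS} "GET /snortreport/nbtscan.php?target=10.0.0.5%7Cecho+marker HTTP/1.1" 200 498',
    f'203.0.113.9 - - {TS} "GET /snortreport/nmap.php?target=%24%28echo+marker%29 HTTP/1.1" 200 377',
    f'192.0.2.10 - - {TS} "GET /snortreport/index.php?target=a%3Bb HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, path, value in scan(SAMPLE_LOG):
        print(f"ALERT {ip} {path} target={value!r}")
```

Legitimate `target` values (addresses, host names, CIDR ranges) contain none of the flagged characters, so any hit warrants review.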