CVE-2012-10046
published 2025-08-08


Priority: P269 · Severity: critical · CVSS 4.0 score: 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Exploit: available
EPSS: 3.00% (85.7th percentile)
The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.

Affected (1 range)

Vendor: esva-project
Product: e-mail_security_virtual_appliance
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

Path: /cgi-bin/learn-msg.cgi
Other: id (CGI parameter, command injection vector)
  • Monitor HTTP requests to learn-msg.cgi containing shell metacharacters (e.g., ;, |, $(), backticks) in the 'id' parameter; this is the injection point for CVE-2012-10046.
  • Flag unauthenticated POST/GET requests to learn-msg.cgi on ESVA appliances; no session or credentials are required for exploitation.
  • Correlate exploitation attempts against ESVA version ESVA_2057 specifically, as this is the confirmed vulnerable build.
  • Confirmed vulnerable version is ESVA_2057; other versions may also be affected but have not been explicitly tested.
  • The Metasploit module targets Linux-based ESVA appliances via HTTP; detection rules should be scoped to Linux HTTP CGI environments.
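The detection guidance above, turned into a small log scanner as an added example (not code from the CVE record or the ESVA project): it assumes Apache-style access log lines, flags every reach of /cgi-bin/learn-msg.cgi (no auth is needed, so any hit is worth a look), and separately marks requests whose `id` value carries shell metacharacters, decoding the value twice so double-encoded variants are not missed. The sample log lines are constructed; POST bodies only appear in sources that log them (WAF or proxy), which is what the optional `body` argument is for.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Shell metacharacters from the detection guidance (constructed set for this example).
SHELL_META = re.compile(r"[;|&`$(){}<>\n]")
# Common/Combined Log Format request line (assumed layout, e.g. Apache access_log).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
CGI_PATH = "/learn-msg.cgi"

def suspicious_id_values(target: str, body: str = "") -> list[str]:
    """Return decoded 'id' values that contain shell metacharacters ([] if none).
    Checks the query string and, when given, a form-encoded POST body; each value
    is URL-decoded a second time so a double-encoded payload is still caught."""
    parts = urlsplit(target)
    if not parts.path.endswith(CGI_PATH):
        return []
    values = list(parse_qs(parts.query, keep_blank_values=True).get("id", []))
    values += parse_qs(body, keep_blank_values=True).get("id", [])
    decoded = [unquote(v) for v in values]
    return [v for v in decoded if SHELL_META.search(v)]

def scan_access_log(lines):
    """Return (ip, target, reason) for every request reaching learn-msg.cgi.
    Any reach is reported (no credentials required); metacharacter hits in 'id'
    get a distinct reason so they can be triaged first."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not urlsplit(m["target"]).path.endswith(CGI_PATH):
            continue
        reason = ("shell metacharacters in id" if suspicious_id_values(m["target"])
                  else "endpoint reached (no auth required)")
        hits.append((m["ip"], m["target"], reason))
    return hits

# Constructed sample log lines (not from any real appliance).
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Aug/2025:10:01:02 +0000] "GET /cgi-bin/learn-msg.cgi?id=1234 HTTP/1.1" 200 512',
    '10.0.0.9 - - [08/Aug/2025:10:01:07 +0000] "GET /cgi-bin/learn-msg.cgi?id=1%3Bx HTTP/1.1" 200 77',
    '10.0.0.9 - - [08/Aug/2025:10:01:09 +0000] "GET /cgi-bin/learn-msg.cgi?id=%2524%2528x%2529 HTTP/1.1" 200 80',
    '10.0.0.7 - - [08/Aug/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for ip, target, reason in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {target} -> {reason}")
```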