Unrated severityNVD Advisory· Published Jan 28, 2011· Updated Apr 29, 2026
CVE-2011-0018
CVE-2011-0018
Description
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
Affected products
17cpe:2.3:a:openvas:openvas_manager:1.0.0:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:openvas:openvas_manager:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_manager:2.0:rc2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.openvas.org/OVSA20110118.htmlnvdExploitPatchVendor Advisory
- www.vupen.com/english/advisories/2011/0208nvdVendor Advisory
- osvdb.org/70639nvd
- secunia.com/advisories/43037nvd
- www.exploit-db.com/exploits/16086nvd
- www.securityfocus.com/archive/1/515971/100/0/threadednvd
- www.securityfocus.com/bid/45987nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/65011nvd
News mentions
0No linked articles in our index yet.