Critical severityNVD Advisory· Published Aug 13, 2025· Updated Apr 15, 2026

CVE-2011-10017

Description

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/snortreport_exec.rbnvd
web.archive.org/web/20111003093911/http://www.symmetrixtech.com/articles/news-016.htmlnvd
www.exploit-db.com/exploits/17947nvd
www.vulncheck.com/advisories/snort-report-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.051
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000