CVE-2011-10017
Snort Report nmap.php/nbtscan.php RCE
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system.
| CWE | CWE-78 |
| Vendor | symmetrix technologies |
| Product | snort report |
| Published | Aug 13, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for symmetrix technologies snort report
Be the first to know when new unknown vulnerabilities affecting symmetrix technologies snort report are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Symmetrix Technologies / Snort Report
* < 1.3.2
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/snortreport_exec.rb exploit-db.com: https://www.exploit-db.com/exploits/17947 web.archive.org: https://web.archive.org/web/20111003093911/http://www.symmetrixtech.com/articles/news-016.html vulncheck.com: https://www.vulncheck.com/advisories/snort-report-rce
Credits
Paul Rascagneres