CVE-2010-4099

NitroSecurity NitroView ESM 8.4.0a - Remote Command Execution via Request Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-4099. PoCs published by s_n, Filip Palian.

AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in NitroView ESM by submitting a maliciously crafted POST request to execute arbitrary commands on the target system. The vulnerability arises due to insufficient input sanitization, allowing command execution via the 'Request' parameter.

Description

ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.

Exploits (2)

exploitdb WORKING POC VERIFIED
by s_n · html · remote · linux
https://www.exploit-db.com/exploits/34932

This exploit leverages a command injection vulnerability in NitroView ESM by submitting a maliciously crafted POST request to execute arbitrary commands on the target system. The vulnerability arises due to insufficient input sanitization, allowing command execution via the 'Request' parameter.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: NitroView ESM 8.4.0a
No auth needed
Prerequisites: ESSPMDebug=1 must be set in /usr/local/ess/CPConsoleServer.cfg · Target must be running NitroView ESM 8.4.0a
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC
by Filip Palian · text · remote · linux
https://www.exploit-db.com/exploits/15318

The exploit leverages a command injection vulnerability in the 'ess.pm' Perl module of NitroView ESM due to improper input validation. By manipulating the IFS (Internal Field Separator) and sending a crafted POST request, an attacker can achieve remote code execution without authentication.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: NitroView ESM 8.4.0a (NitroSecurity 2.6.22.19-24nssmp64 GNU/Linux)
No auth needed
Prerequisites: ESSPMDebug=1 in /usr/local/ess/CPConsoleServer.cfg · Network access to the target web interface
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62768
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15318
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024639
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44421

Scores

EPSS 0.0268
EPSS Percentile 83.8%

Details

CWE CWE-20
Status published
Products (1)
nitrosecurity/nitroview_esm_software 8.4.0a
Published Oct 27, 2010
Tracked Since Feb 18, 2026