CVE-2011-10017

CRITICAL

Snort Report < 1.3.2 - Unauthenticated Remote Code Execution via nmap.php and nbtscan.php Target Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-10017. PoCs published by Metasploit, Paul Rascagneres, including Metasploit module exploits/multi/http/snortreport_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Snortreport's nmap.php and nbtscan.php scripts by injecting a base64-encoded payload into the 'target' parameter, leading to remote command execution.

Description

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/17947

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Snortreport's nmap.php and nbtscan.php scripts by injecting a base64-encoded payload into the 'target' parameter, leading to remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Snortreport 1.3.2

No auth needed

Prerequisites: Network access to the target · Snortreport with vulnerable scripts exposed

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Paul Rascagneres · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/snortreport_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Snortreport's nmap.php/nbtscan.php scripts by injecting a base64-encoded payload into the 'target' parameter, achieving remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Snortreport 1.3.2

No auth needed

Prerequisites: Network access to the target · Snortreport with vulnerable scripts exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/snortreport_exec.rb

Various Sources vendor-advisory patch

https://web.archive.org/web/20111003093911/http://www.symmetrixtech.com/articles/news-016.html

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/17947

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/snort-report-rce

Scores

CVSS v4 10.0

EPSS 0.0232

EPSS Percentile 81.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

Symmetrix Technologies/Snort Report < 1.3.2

Published Aug 13, 2025

Tracked Since Feb 18, 2026