CVE-2012-10046

CRITICAL

E-Mail Security Virtual Appliance ESVA_2057 - Unauthenticated OS Command Injection via learn-msg.cgi id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-10046. PoCs published by Metasploit, iJoo, iJoo, juan vazquez, including Metasploit module exploits/linux/http/esva_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in E-Mail Security Virtual Appliance via the learn-msg.cgi file, allowing arbitrary OS command execution without authentication. It has been tested on ESVA_2057.

Description

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappscgi
https://www.exploit-db.com/exploits/20712

This Metasploit module exploits a command injection vulnerability in E-Mail Security Virtual Appliance via the learn-msg.cgi file, allowing arbitrary OS command execution without authentication. It has been tested on ESVA_2057.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: E-Mail Security Virtual Appliance (ESVA_2057)
No auth needed
Prerequisites: Network access to the target appliance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by iJoo · perlremotelinux
https://www.exploit-db.com/exploits/20551

This Perl script exploits a command injection vulnerability in E-Mail Security Virtual Appliance (ESVA) versions < 2.0.6 via the `learn-msg.cgi` endpoint. It allows remote command execution by injecting commands through the `id` parameter.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: E-Mail Security Virtual Appliance (ESVA) < 2.0.6
No auth needed
Prerequisites: Network access to the target ESVA instance · Vulnerable version of ESVA (< 2.0.6)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by iJoo, juan vazquez · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/esva_exec.rb

This Metasploit module exploits a command injection vulnerability in E-Mail Security Virtual Appliance via the learn-msg.cgi file, allowing unauthenticated remote command execution. It has been tested on ESVA_2057.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: E-Mail Security Virtual Appliance (ESVA_2057)
No auth needed
Prerequisites: Network access to the target appliance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v4 9.3
EPSS 0.6808
EPSS Percentile 98.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
ESVA-Project/E-Mail Security Virtual Appliance ESVA_2057
Published Aug 08, 2025
Tracked Since Feb 18, 2026