CVE-2012-5520

OpenVAS Manager <3.0.4 - Command Injection

Title source: llm
STIX 2.1

Description

The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.

References (11)

Core 11
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49128
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2012/11/13/9
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2012/11/14/5
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://www.openvas.org/OVSA20121112.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56497
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2012/11/14/11
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2012/11/13/12

Scores

EPSS 0.0305
EPSS Percentile 86.0%

Details

CWE
CWE-20
Status published
Products (5)
openvas/openvas_manager 3.0 beta1 (9 CPE variants)
openvas/openvas_manager 3.0.0
openvas/openvas_manager 3.0.1
openvas/openvas_manager 3.0.2
openvas/openvas_manager 3.0.3
Published Nov 26, 2012
Tracked Since Feb 18, 2026