CVE-2018-11652

CRITICAL

Nikto < 2.1.6 - CSV Injection via Server Field in HTTP Response Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-11652. PoCs published by Adam Greenhill.

AI-analyzed exploit summary: This exploit demonstrates a CSV injection vulnerability in Nikto 2.1.6 and earlier, where arbitrary OS commands can be injected via the Server field in an HTTP response header, which is then executed when the CSV report is opened in Microsoft Excel.

Description

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

Exploits (1)

exploitdb WORKING POC
by Adam Greenhill · text · local · linux
https://www.exploit-db.com/exploits/44899


Classification
Working PoC (90%)
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: Nikto 2.1.6, 2.1.5
No auth needed
Prerequisites: nginx server with nginx-extras installed · Nikto configured to output results to a CSV file · Microsoft Excel to open the CSV file
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry · exploit · x_refsource_exploit-db
https://www.exploit-db.com/exploits/44899/

Scores

CVSS v3 9.8
EPSS 0.2473
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-1236 (Improper Neutralization of Formula Elements in a CSV File)
Status published
Products (1)
cirt.net/nikto < 2.1.6
Published Jun 01, 2018
Tracked Since Feb 18, 2026