CVE-2012-10046

E-Mail Security Virtual Appliance learn-msg.cgi Command Injection

Description

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.

INFO

Published Date :

2025-08-08T18:11:08.292Z

Last Modified :

2026-04-07T14:02:41.070Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2012-10046 vulnerability.

Vendors	Products
Esva Project	Esva

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2012-10046.

URL	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/esva_exec.rb
https://sourceforge.net/projects/esva-project/
https://www.exploit-db.com/exploits/20551
https://www.exploit-db.com/exploits/20712
https://www.vulncheck.com/advisories/email-security-virtual-appliance-command-injection

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability