CVE-2010-4099

ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.

Published: Oct 27, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-4099
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
nitrosecurity / nitroview_esm_software	8.4.0a	8.4.0a.x

http://www.exploit-db.com/exploits/15318
http://www.securityfocus.com/bid/44421
http://www.securitytracker.com/id?1024639
https://exchange.xforce.ibmcloud.com/vulnerabilities/62768

Vulnerability Database

290,020

CVE-2010-4099