Описание
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
Ссылки
- PatchThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- PatchThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote a ...
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
Уязвимость сканера безопасности веб-приложений Nikto, связанная с отсутствием нейтрализации специальных элементов во входных данных команд ОС, позволяющая нарушителю выполнить произвольные команды операционной системы
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2