The email function in manage_sql.c in OpenVAS Manager 1.0.x up to and including 1.0.3 and 2.0.x up to and including 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openvas openvas manager 1.0.0 |
||
openvas openvas manager 2.0 |
||
openvas openvas manager 1.0.1 |
||
openvas openvas manager 1.0.3 |
||
openvas openvas manager 1.0.2 |