CVE-2018-11652

Published: 01/06/2018 Updated: 24/08/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

CSV Injection vulnerability in Nikto 2.1.6 and previous versions allows remote malicious users to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

Vulnerable Product

cirt.net nikto

Vendor Advisories

Debian Bug report logs - #900608
nikto: CVE-2018-11652
Package: src:nikto; Maintainer for src:nikto is Vincent Bernat <bernat@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 1 Jun 2018 22:00:02 UTC
Severity: grave
Tags: fixed-upstream, patch, security, upstream
Found in version nikto/1 ...

Exploits

# Exploit Title: Nikto 2.1.6 - CSV Injection
# Google Dork: N/A
# Date: 2018-06-01
# Exploit Author: Adam Greenhill
# Vendor Homepage: cirt.net/Nikto2
# Software Link: github.com/sullo/nikto
# Affected Version: 2.1.6, 2.1.5
# Category: Applications
# Tested on: Kali Linux 4.14 x64
# CVE : CVE-2018-11652
# Technical Description:
# ...
Nikto version 2.1.6 suffers from a csv injection vulnerability ...