Sun Sunsolve CD Pack email Parameter Arbitrary Command Execution

critical Nessus Plugin ID 11066


The remote service is vulnerable to injection attacks allowing command execution.


The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment.

The Sunsolve CD CGI scripts do not validate user input. Crackers may use them to execute commands on your system.

** Note: Nessus did not try to perform the attack.


Do not use the SunSolve CD.

Plugin Details

Severity: Critical

ID: 11066

File Name: sscd_input.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 8/6/2002

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/11/2002

Reference Information

CVE: CVE-2002-0436

BID: 4269