RCE in Esva-project E-mail Security Virtual Appliance

CVE-2012-10046

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id par…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.681 (98.6th percentile)

Frequently asked questions

What is CVE-2012-10046?
CVE-2012-10046 is a vulnerability in Esva-project E-mail Security Virtual Appliance, classified under OS Command Injection. Published 2025-08-08.
Is CVE-2012-10046 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.