cvedb.io
CVE-2018-11652
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-06-01T15:29:00.517 · Last modified 2026-06-17T01:36:19.367

Summary

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

Affected products

cirt.net — nikto

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.