← Zuruck zu CVEs
CVE-2010-10013
N/ABeschreibung
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht8/8/2025
Zuletzt geandert8/8/2025
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-78
Referenzen
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb(disclosure@vulncheck.com)
https://sourceforge.net/projects/ajaxplorer/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/21993(disclosure@vulncheck.com)
https://www.tenable.com/plugins/nessus/45489(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/ajaxplorer-unauth-rce(disclosure@vulncheck.com)
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.exploit-db.com/exploits/21993(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.