CVE-2010-10013

Vulnerability Description

An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.

Related Weaknesses (CWE)

References

• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
• https://sourceforge.net/projects/ajaxplorer/
• https://www.exploit-db.com/exploits/21993
• https://www.tenable.com/plugins/nessus/45489
• https://www.vulncheck.com/advisories/ajaxplorer-unauth-rce
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
• https://www.exploit-db.com/exploits/21993

FAQ

What is CVE-2010-10013?

CVE-2010-10013 is a documented vulnerability. An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh p...

How severe is CVE-2010-10013?

CVSS scoring is not yet available for CVE-2010-10013. Check NVD for updates.

Is there a patch for CVE-2010-10013?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.