Vulnerability Description
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://sourceforge.net/p/gestioip/gestioip/ci/ac67be9fce5ee4c0438d27dfa5c1dcbca
- https://sourceforge.net/projects/gestioip/
- https://www.vulncheck.com/advisories/gestioip-rce
FAQ
What is CVE-2013-10039?
CVE-2013-10039 is a documented vulnerability. A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the ...
How severe is CVE-2013-10039?
CVSS scoring is not yet available for CVE-2013-10039. Check NVD for updates.
Is there a patch for CVE-2013-10039?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.