← back
CVE-2010-3313

CVE-2010-3313

EPSS 8.7%
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/11777/unverifiedexploitdbwww.exploit-db.com/exploits/11777unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.debian.org/security/2010/dsa-2013http://www.egroupware.org/news?item=93http://www.exploit-db.com/exploits/11777/http://www.openwall.com/lists/oss-security/2010/09/21/7