Info Published: Aug 08, 2025 Modified: Aug 08, 2025

CVE-2010-10013

0 CVSS SCORE

Description

An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.

Weaknesses (CWE)

CWE-78

References & External Links

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb
https://sourceforge.net/projects/ajaxplorer/
https://www.exploit-db.com/exploits/21993
https://www.tenable.com/plugins/nessus/45489
https://www.vulncheck.com/advisories/ajaxplorer-unauth-rce
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb
https://www.exploit-db.com/exploits/21993

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker