CVE-2010-10013
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
No affected software listed.
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb
- https://sourceforge.net/projects/ajaxplorer/
- https://www.exploit-db.com/exploits/21993
- https://www.tenable.com/plugins/nessus/45489
- https://www.vulncheck.com/advisories/ajaxplorer-unauth-rce
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime