CVE-2010-10013

CRITICAL

AjaXplorer < 2.6 - Unauthenticated Remote Code Execution via access.ssh checkInstall.php destServer Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-10013. PoCs published by Metasploit, Julien Cayssol, David Maciejak, sinn3r, including Metasploit module exploits/multi/http/ajaxplorer_checkinstall_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in AjaXplorer's 'checkInstall.php' script by injecting arbitrary commands via the 'destServer' parameter. It supports multiple platforms and uses a simple GET request to trigger the vulnerability.

Description

An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
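For detection, the description above translates into a simple access-log check. This is an added example, not code from the page or from the AjaXplorer project; it assumes combined-format web server logs, and the sample lines, the /app/ path prefix and the host names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Client IP, request target and status from a combined-format access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Allowlist for a legitimate host value: hostname, IPv4 or bracketed IPv6.
HOST_OK = re.compile(r'[A-Za-z0-9.\-:\[\]]{1,253}')


def check_line(line):
    """Return a finding if the line is a request to the access.ssh
    checkInstall.php script whose destServer is not a plain host, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    path = unquote(url.path).lower()
    if "access.ssh" not in path or not path.endswith("checkinstall.php"):
        return None
    # parse_qs percent-decodes, so encoded metacharacters are seen in clear.
    values = parse_qs(url.query, keep_blank_values=True).get("destServer", [])
    bad = [v for v in values if not HOST_OK.fullmatch(v)]
    if not bad:
        return None
    return {"client": m["ip"], "status": int(m["status"]), "destServer": bad}


def scan(lines):
    """Run check_line over an iterable of log lines and keep the findings."""
    return [finding for finding in map(check_line, lines) if finding]


# Constructed sample input (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] '
    '"GET /app/access.ssh/checkInstall.php?destServer=backup.example.test HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2025:10:00:05 +0000] '
    '"GET /app/access.ssh/checkInstall.php?destServer=host.example.test%3Bid HTTP/1.1" 200 87',
    '198.51.100.9 - - [01/Jan/2025:10:00:06 +0000] '
    '"GET /index.php?destServer=x%3Bid HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The check uses an allowlist of host characters rather than a list of known metacharacters, so any value that is not a plain host name or address is reported.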

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/21993

This Metasploit module exploits a command injection vulnerability in AjaXplorer's 'checkInstall.php' script by injecting arbitrary commands via the 'destServer' parameter. It supports multiple platforms and uses a simple GET request to trigger the vulnerability.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: AjaXplorer < 2.6
No auth needed
Prerequisites: Network access to the target · AjaXplorer instance with vulnerable 'checkInstall.php' script
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Julien Cayssol, David Maciejak, sinn3r · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb

This Metasploit module exploits a command injection vulnerability in AjaXplorer's checkInstall.php script, allowing arbitrary command execution via the destServer parameter. It is a functional exploit targeting versions prior to 2.6.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: AjaXplorer < 2.6
No auth needed
Prerequisites: Network access to the target · AjaXplorer with vulnerable checkInstall.php accessible
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 9.3
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0108
EPSS Percentile: 60.6%

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-78
Status: published
Products (1): AjaXplorer/AjaXplorer < 2.6
Published: Aug 08, 2025
Tracked Since: Feb 18, 2026