CVE-2010-10013

CRITICAL

AjaXplorer <2.6 - RCE

Title source: llm

Description

An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
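A log check for the condition described above, as an added example that is not part of this advisory or of the AjaXplorer project: it flags requests to checkInstall.php whose decoded destServer value is anything other than a plain host name or IP literal. It assumes combined-format web server access logs; the sample lines, the `/PLACEHOLDER/` directory and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Allow-list: characters a host name, IPv4 or bracketed IPv6 literal can contain.
PLAIN_HOST = re.compile(r"[A-Za-z0-9.\-:\[\]]{1,255}")

def suspicious_destserver(log_line):
    """Return the decoded destServer value when a checkInstall.php request
    carries something other than a plain host; otherwise return None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    # Substring match also covers PATH_INFO suffixes and encoded file names.
    if "/checkinstall.php" not in unquote(path).lower():
        return None
    for pair in query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key) != "destServer":  # PHP $_GET keys are case-sensitive
            continue
        value = unquote_plus(raw)
        # fullmatch, not match with '$', so a trailing decoded newline is caught.
        if value and not PLAIN_HOST.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged log line."""
    hits = []
    for line in lines:
        value = suspicious_destserver(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample entries; addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /PLACEHOLDER/checkInstall.php?destServer=files.example.org HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /PLACEHOLDER/checkInstall.php?destServer=files.example.org%3BCONSTRUCTED HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:06 +0000] "GET /PLACEHOLDER/checkInstall.php?destServer=host%0A HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?destServer=a%7Cb HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(ip, repr(value))
```

Because it allow-lists host characters instead of enumerating shell metacharacters, double-encoded values (which decode to a string still containing `%`) are flagged as well.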

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/21993

metasploit · WORKING POC · EXCELLENT
by Julien Cayssol, David Maciejak, sinn3r · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb

Scores

CVSS v4: 9.3
EPSS: 0.6428
EPSS Percentile: 98.5%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-78
Status: published
Products (1): AjaXplorer/AjaXplorer < 2.6
Published: Aug 08, 2025
Tracked Since: Feb 18, 2026