CVE-2010-3313

EXPLOITED

EGroupware <1.6.003-9.2.20100309 - Command Injection

Title source: llm

Description

phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Nahuel Grisolia · textwebappsphp

https://www.exploit-db.com/exploits/11777

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://www.egroupware.org/news?item=93

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/11777/

[Third Party Advisory] http://www.debian.org/security/2010/dsa-2013

[Mailing List] http://www.openwall.com/lists/oss-security/2010/09/21/7

Scores

EPSS 0.0230

EPSS Percentile 84.8%

Details

VulnCheck KEV 2020-12-14

CWE

CWE-94

Status published

Products (9)

egroupware/egroupware 1.4.001

egroupware/egroupware 1.4.001\+.002

egroupware/egroupware 1.4.002

egroupware/egroupware 1.6.001

egroupware/egroupware 1.6.001\+.002

egroupware/egroupware 1.6.002

egroupware/egroupware 9.1

egroupware/egroupware 9.2

egroupware/egroupware 0 - 1.6.003Packagist

Published Sep 22, 2010

Tracked Since Feb 18, 2026