CVE-2010-3313

phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
egroupwareegroupware
1.4.001
egroupwareegroupware
1.4.001\+.002
egroupwareegroupware
1.4.002
egroupwareegroupware
1.6.001
egroupwareegroupware
1.6.001\+.002
egroupwareegroupware
1.6.002
egroupwareegroupware
9.1
egroupwareegroupware
9.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
egroupware-egw-pear
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
dne
maverick
ignored
lucid
ignored
karmic
ignored
jaunty
ignored
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://www.debian.org/security/2010/dsa-2013
http://www.egroupware.org/news?item=93
http://www.exploit-db.com/exploits/11777/
http://www.openwall.com/lists/oss-security/2010/09/21/7
http://www.debian.org/security/2010/dsa-2013
http://www.egroupware.org/news?item=93
http://www.exploit-db.com/exploits/11777/
http://www.openwall.com/lists/oss-security/2010/09/21/7