CVE-2013-10053
01.08.2025, 21:15
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the systems htpasswd binary. By injecting shell metacharacters into the username field, an authenticated attacker can execute arbitrary system commands. Exploitation requires a valid ZPanel accountsuch as one in the default Users, Resellers, or Administrators groupsbut no elevated privileges.
Awaiting analysis
This vulnerability is currently awaiting analysis.
References