CVE-2010-3313

phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:egroupware:egroupware:1.6.001\+.002:*:*:*:*:*:*:*
cpe:2.3:a:egroupware:egroupware:1.6.001:*:*:*:*:*:*:*
cpe:2.3:a:egroupware:egroupware:9.1:-:commercial_epl:*:*:*:*:*
cpe:2.3:a:egroupware:egroupware:1.6.002:*:*:*:*:*:*:*
cpe:2.3:a:egroupware:egroupware:1.4.001:*:*:*:*:*:*:*
cpe:2.3:a:egroupware:egroupware:1.4.002:*:*:*:*:*:*:*
cpe:2.3:a:egroupware:egroupware:9.2:-:commercial_epl:*:*:*:*:*
cpe:2.3:a:egroupware:egroupware:1.4.001\+.002:*:*:*:*:*:*:*

Information

Published : 2010-09-22 12:00

Updated : 2013-08-17 23:14


NVD link : CVE-2010-3313

Mitre link : CVE-2010-3313


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

egroupware

  • egroupware