CVE-2010-3313
eGroupWare 1.6.002 and eGroupWare premium line 9.1 - Multiple Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php en EGroupware v1.4.001+.002; v1.6.001+.002 y posiblemente otras versiones anteriores a v1.6.003 y EPL v9.1 anterior a v9.1.20100309 y v9.2 anterior a v9.2.20100309; permite a atacantes remotos ejecutar código arbitrario a través de metacaracteres shell en los parámetros (1) aspell_path y (2) spellchecker_lang
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2013. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-03-16 First Exploit
- 2010-09-13 CVE Reserved
- 2010-09-22 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2010/09/21/7 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/11777 | 2010-03-16 | |
| http://www.exploit-db.com/exploits/11777 | 2024-09-16 |
| URL | Date | SRC |
|---|---|---|
| http://www.egroupware.org/news?item=93 | 2013-08-18 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2010/dsa-2013 | 2013-08-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Egroupware Search vendor "Egroupware" | Egroupware Search vendor "Egroupware" for product "Egroupware" | 1.4.001 Search vendor "Egroupware" for product "Egroupware" and version "1.4.001" | - |
Affected
| ||||||
| Egroupware Search vendor "Egroupware" | Egroupware Search vendor "Egroupware" for product "Egroupware" | 1.4.001\+.002 Search vendor "Egroupware" for product "Egroupware" and version "1.4.001\+.002" | - |
Affected
| ||||||
| Egroupware Search vendor "Egroupware" | Egroupware Search vendor "Egroupware" for product "Egroupware" | 1.4.002 Search vendor "Egroupware" for product "Egroupware" and version "1.4.002" | - |
Affected
| ||||||
| Egroupware Search vendor "Egroupware" | Egroupware Search vendor "Egroupware" for product "Egroupware" | 1.6.001 Search vendor "Egroupware" for product "Egroupware" and version "1.6.001" | - |
Affected
| ||||||
| Egroupware Search vendor "Egroupware" | Egroupware Search vendor "Egroupware" for product "Egroupware" | 1.6.001\+.002 Search vendor "Egroupware" for product "Egroupware" and version "1.6.001\+.002" | - |
Affected
| ||||||
| Egroupware Search vendor "Egroupware" | Egroupware Search vendor "Egroupware" for product "Egroupware" | 1.6.002 Search vendor "Egroupware" for product "Egroupware" and version "1.6.002" | - |
Affected
| ||||||
| Egroupware Search vendor "Egroupware" | Egroupware Search vendor "Egroupware" for product "Egroupware" | 9.1 Search vendor "Egroupware" for product "Egroupware" and version "9.1" | commercial_epl |
Affected
| ||||||
| Egroupware Search vendor "Egroupware" | Egroupware Search vendor "Egroupware" for product "Egroupware" | 9.2 Search vendor "Egroupware" for product "Egroupware" and version "9.2" | commercial_epl |
Affected
| ||||||