CVE-2010-3313
published 2010-09-22

CVE-2010-3313: phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other…

Priority: P270, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 8.66% (94.4th percentile)
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | >= 0 < 1.6.003 | 1.6.003 |
| egroupware | egroupware | >= 9.1 < 9.1.20100309 | 9.1.20100309 |
| egroupware | egroupware | >= 9.2 < 9.2.20100309 | 9.2.20100309 |

Detection & IOCs (extracted from sources)

path: phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php
  • Monitor HTTP requests targeting spellchecker.php with shell metacharacters (e.g., `;`, `>`, `|`, `&`) in the `aspell_path` or `spellchecker_lang` query parameters.
  • Alert on any GET/POST requests to the path `/phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php` with non-empty `aspell_path` or `spellchecker_lang` parameters, as these are not expected to accept user-controlled executable paths.
  • This vulnerability requires no authentication (Au:N) and is remotely exploitable with low complexity (AC:L), so any external request to the vulnerable endpoint should be treated as suspicious.
  • The vulnerability is pre-auth: no login session is required to exploit it, so perimeter controls alone are insufficient if the EGroupware instance is internet-facing.
  • Exploitation results in command execution in the context of the web server user, not necessarily root; post-exploitation privilege escalation may follow.
  • Fixed versions are EGroupware 1.6.003, EPL-9.1.20100309, and EPL-9.2.20100309; any deployment running older versions remains vulnerable.
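
The monitoring rules above, as an added example (not part of the original page or of any vendor tooling) that triages web access-log lines into three severities. The Apache-style log format, the constructed sample lines, the `/egroupware` install prefix, and the metacharacters beyond `;`, `>`, `|`, `&` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

VULN_PATH = ("/phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/"
             "spellerpages/serverscripts/spellchecker.php")
WATCHED = ("aspell_path", "spellchecker_lang")
# The page names ; > | & as examples; the remaining characters are an added assumption.
META = re.compile(r"[;|&><`$()\r\n]")
# Request line of an Apache common/combined log entry (assumed format).
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def classify(line):
    """Return None, or (severity, client_ip, method, watched_params_present)."""
    m = REQUEST.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # endswith() tolerates an install prefix such as /egroupware.
    if not unquote(url.path).endswith(VULN_PATH):
        return None
    query = parse_qs(url.query, keep_blank_values=True)  # values are percent-decoded
    params = {k: [v for v in query.get(k, []) if v] for k in WATCHED}
    params = {k: vs for k, vs in params.items() if vs}
    if any(META.search(v) for vs in params.values() for v in vs):
        severity = "high"    # shell metacharacter in a watched parameter
    elif params:
        severity = "medium"  # watched parameter supplied at all
    else:
        severity = "low"     # endpoint touched; a POST body is not visible in access logs
    return severity, m["ip"], m["method"], sorted(params)

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /egroupware/index.php HTTP/1.1" 200 512',
    f'198.51.100.7 - - [01/Jan/2024:00:00:02 +0000] "GET /egroupware{VULN_PATH}?spellchecker_lang=en%7CPLACEHOLDER HTTP/1.1" 200 87',
    f'198.51.100.7 - - [01/Jan/2024:00:00:03 +0000] "GET /egroupware{VULN_PATH}?aspell_path=aspell HTTP/1.1" 200 87',
    f'203.0.113.5 - - [01/Jan/2024:00:00:04 +0000] "POST /egroupware{VULN_PATH} HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

Because access logs do not record POST bodies, the "low" tier exists so that any request reaching the endpoint is still surfaced for review against body-capturing sources such as a WAF or proxy.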

CVSS provenance

nvd: v2.0, 7.5, HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck: 7.5, HIGH