CVE-2013-10039
published 2025-07-31CVE-2013-10039: A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to…
PriorityP272high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
3.35%
87.2th percentile
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gestioip | ipam | < 3.0 commit ac67be | 3.0 commit ac67be |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to ip_checkhost.cgi for suspicious or base64-encoded content in the 'ip' parameter, which is the injection point for arbitrary shell command execution. ↗
- →Detect exploitation attempts by looking for base64-encoded payloads passed to the 'ip' parameter of ip_checkhost.cgi in web server logs or network traffic. ↗
- →The Metasploit module for this CVE creates a shell script on the filesystem as part of exploitation — monitor for unexpected script file creation in GestioIP web-accessible directories. ↗
- →Unauthenticated exploitation is possible when GestioIP is deployed without authentication — treat any request to ip_checkhost.cgi from unauthenticated sessions with injected 'ip' values as high-severity. ↗
- ·Authentication requirement for exploitation depends on deployment configuration — some GestioIP instances may be exploitable without credentials. ↗
- ·Authenticated users can also exploit this vulnerability, so authentication alone is not a sufficient mitigation. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2025-07-31
Published