cbcvebase.
CVE-2013-10039
published 2025-07-31

CVE-2013-10039: A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to…

PriorityP272high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
3.35%
87.2th percentile
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.

Affected

1 ranges
VendorProductVersion rangeFixed in
gestioipipam< 3.0 commit ac67be3.0 commit ac67be

Detection & IOCsextracted from sources · hover to see the quote

pathip_checkhost.cgi
  • Monitor HTTP requests to ip_checkhost.cgi for suspicious or base64-encoded content in the 'ip' parameter, which is the injection point for arbitrary shell command execution.
  • Detect exploitation attempts by looking for base64-encoded payloads passed to the 'ip' parameter of ip_checkhost.cgi in web server logs or network traffic.
  • The Metasploit module for this CVE creates a shell script on the filesystem as part of exploitation — monitor for unexpected script file creation in GestioIP web-accessible directories.
  • Unauthenticated exploitation is possible when GestioIP is deployed without authentication — treat any request to ip_checkhost.cgi from unauthenticated sessions with injected 'ip' values as high-severity.
  • ·Authentication requirement for exploitation depends on deployment configuration — some GestioIP instances may be exploitable without credentials.
  • ·Authenticated users can also exploit this vulnerability, so authentication alone is not a sufficient mitigation.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.