CVE-2013-10037
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-07-31
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eppler_software | webtester | 5.x |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS command injection in WebTester version 5.x, specifically in the install2.php script. The parameters cpusername, cppassword, and cpdomain are used directly in shell commands without proper sanitization. This allows a remote unauthenticated attacker to send a specially crafted HTTP POST request that executes arbitrary commands on the server with the web server's privileges.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to arbitrary command execution on the affected system with the privileges of the web server. This means an attacker could potentially take control of the server, access sensitive data, modify or delete files, or use the server to launch further attacks.
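A defender-side check for the request pattern described above, as an added example that is not part of the original record or of WebTester's code: it parses form bodies POSTed to install2.php and flags cpusername, cppassword and cpdomain values that fall outside conservative allowlists. The function name, the allowlist patterns, the URL prefix and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Parameters the advisory names as reaching shell commands in install2.php.
WATCHED = ("cpusername", "cppassword", "cpdomain")

# Assumed allowlists: conservative account-name and hostname syntax.
USERNAME_OK = re.compile(r"[A-Za-z0-9_.-]{1,64}")
DOMAIN_OK = re.compile(
    r"(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"
)
# Passwords may legitimately hold punctuation, so a hit here is a triage
# signal, not proof: characters a POSIX shell interprets specially.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"]")


def flag_request(method, url, body):
    """Return sorted names of watched fields whose values warrant review."""
    if method.upper() != "POST" or not urlsplit(url).path.endswith("/install2.php"):
        return []
    fields = parse_qs(body)  # percent-decodes values; blank values are dropped
    flagged = set()
    for name in WATCHED:
        for value in fields.get(name, []):
            if name == "cpusername" and not USERNAME_OK.fullmatch(value):
                flagged.add(name)
            elif name == "cpdomain" and not DOMAIN_OK.fullmatch(value):
                flagged.add(name)
            elif name == "cppassword" and SHELL_META.search(value):
                flagged.add(name)
    return sorted(flagged)


# Constructed sample requests (method, URL, form body); not captured traffic.
SAMPLES = [
    ("POST", "/webtester/install2.php",
     "cpusername=admin&cppassword=S3cretPass&cpdomain=example.org"),
    ("POST", "/webtester/install2.php",
     "cpusername=admin&cppassword=x&cpdomain=example.org%3B+uname+-a"),
    ("POST", "/webtester/install2.php",
     "cpusername=a%60id%60&cppassword=p%24%28id%29&cpdomain=example.org"),
    ("GET", "/webtester/install2.php", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, flag_request(method, url, body) or "clean")
```

The same allowlists can serve as server-side input validation in front of the installer; because install2.php is an installation script, any POST to it after setup is complete is itself worth alerting on.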