High severityNVD Advisory· Published Sep 22, 2010· Updated Apr 29, 2026
CVE-2010-3313
CVE-2010-3313
Description
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
egroupware/egroupwarePackagist | < 1.6.003 | 1.6.003 |
egroupware/egroupwarePackagist | >= 9.1, < 9.1.20100309 | 9.1.20100309 |
egroupware/egroupwarePackagist | >= 9.2, < 9.2.20100309 | 9.2.20100309 |
Affected products
8cpe:2.3:a:egroupware:egroupware:1.4.001:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:egroupware:egroupware:1.4.001:*:*:*:*:*:*:*
- cpe:2.3:a:egroupware:egroupware:1.4.001\+.002:*:*:*:*:*:*:*
- cpe:2.3:a:egroupware:egroupware:1.4.002:*:*:*:*:*:*:*
- cpe:2.3:a:egroupware:egroupware:1.6.001:*:*:*:*:*:*:*
- cpe:2.3:a:egroupware:egroupware:1.6.001\+.002:*:*:*:*:*:*:*
- cpe:2.3:a:egroupware:egroupware:1.6.002:*:*:*:*:*:*:*
- cpe:2.3:a:egroupware:egroupware:9.1:-:commercial_epl:*:*:*:*:*
- cpe:2.3:a:egroupware:egroupware:9.2:-:commercial_epl:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- www.egroupware.org/newsnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-5gx6-f2qq-475fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2010-3313ghsaADVISORY
- www.debian.org/security/2010/dsa-2013nvdWEB
- www.exploit-db.com/exploits/11777ghsaWEB
- www.openwall.com/lists/oss-security/2010/09/21/7nvdWEB
- www.exploit-db.com/exploits/11777/nvd
News mentions
0No linked articles in our index yet.