Critical severityNVD Advisory· Published Jul 31, 2025· Updated Apr 15, 2026
CVE-2013-10037
CVE-2013-10037
Description
An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
5- advisories.checkpoint.com/defense/advisories/public/2014/cpai-2014-1620.htmlnvd
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/webtester_exec.rbnvd
- sourceforge.net/p/webtesteronline/bugs/3/nvd
- www.exploit-db.com/exploits/29132nvd
- www.vulncheck.com/advisories/webtester-unauth-command-executionnvd
News mentions
0No linked articles in our index yet.