What is CVE-2010-10013?

CVE-2010-10013 is a vulnerability in Ajaxplorer, classified under OS Command Injection. Published 2025-08-08.

Is CVE-2010-10013 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Ajaxplorer

CVE-2010-10013

An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.785 (99.1th percentile) — read the EPSS interpretation.

Affected products

Ajaxplorer — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

sourceforge.net/projects/ajaxplorer/ (product)
www.exploit-db.com/exploits/21993 (exploit)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/m… (exploit)
www.tenable.com/plugins/nessus/45489 (third-party-advisory)
www.vulncheck.com/advisories/ajaxplorer-unauth-rce (third-party-advisory)

Frequently asked questions

What is CVE-2010-10013?: CVE-2010-10013 is a vulnerability in Ajaxplorer, classified under OS Command Injection. Published 2025-08-08.
Is CVE-2010-10013 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.