GCVE - cpe:2.3:a:ajaxplorer:ajaxplorer:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ajaxplorer:ajaxplorer:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ajaxplorer (`1de97b85-9c77-5e2b-b6c9-a877596ae47d`)
Product	Ajaxplorer (`4ccd47da-3458-5702-b727-8a0e06a3c4fd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/pydio/cells`	purl2cpe	2026-06-01 10:15:04.068516
`pkg:github/pydio/cells`	purl2cpe	2026-06-01 10:15:04.068518
`pkg:sourceforge/ajaxplorer`	purl2cpe	2026-06-01 10:15:04.068521

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-6227`	vulnerable	2026-06-08 05:04:55.692177	Details available Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation. Published: 2014-12-27T18:00:00.000Z Updated: 2024-08-06T17:38:58.982Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/46206/ http://pyd.io/pydio-core-5-0-4/ http://www.redfsec.com/CVE-2013-6227	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-6226`	vulnerable	2026-06-08 05:04:55.683067	Details available Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors. Published: 2013-11-14T20:00:00.000Z Updated: 2024-08-06T17:38:58.899Z Open on db.gcve.eu Reference links http://www.redfsec.com/CVE-2013-6226 http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html https://exchange.xforce.ibmcloud.com/vulnerabilities/88667 http://www.securityfocus.com/bid/63647 http://pyd.io/pydio-core-5-0-4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5688`	vulnerable	2026-06-08 05:04:53.057494	Details available Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action. Published: 2013-11-05T21:00:00.000Z Updated: 2024-09-17T03:03:27.190Z Open on db.gcve.eu Reference links http://ajaxplorer.info/ajaxplorer-core-5-0-3/ https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt http://osvdb.org/97022	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-10013`	vulnerable	2026-06-08 04:54:04.395896	AjaXplorer < 2.6 checkInstall.php Unauthenticated RCE An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process. Published: 2025-08-08T18:09:40.513Z Updated: 2026-05-15T11:13:20.560Z Open on db.gcve.eu Reference links https://sourceforge.net/projects/ajaxplorer/ https://www.exploit-db.com/exploits/21993 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb https://www.tenable.com/plugins/nessus/45489 https://www.vulncheck.com/advisories/ajaxplorer-unauth-rce	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.