CVE-2013-10037
WebTester 5.x install2.php Unauthenticated Command Execution
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges.
| CWE | CWE-78 |
| Vendor | eppler software |
| Product | webtester |
| Published | Jul 31, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
Eppler Software / WebTester
5.0
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/webtester_exec.rb
sourceforge.net: https://sourceforge.net/p/webtesteronline/bugs/3/
exploit-db.com: https://www.exploit-db.com/exploits/29132
advisories.checkpoint.com: https://advisories.checkpoint.com/defense/advisories/public/2014/cpai-2014-1620.html
vulncheck.com: https://www.vulncheck.com/advisories/webtester-unauth-command-execution
Credits
bcoles