CVE-2013-4267

Name of the Vulnerable Software and Affected Versions: Ajaxeplorer versions prior to 5.0.1

Description: The issue allows remote attackers to execute arbitrary commands. This can be achieved by injecting shell metacharacters into specific parameters, including the archive name parameter in the Power FS module, a file name in the getTrustSizeOnFileSystem function within the File System (Standard) module, or the revision parameter in the Subversion Repository module.

Recommendations: For versions prior to 5.0.1, update to version 5.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Power FS, File System (Standard), and Subversion Repository modules until the update is applied. Avoid using the archive name, file names in the getTrustSizeOnFileSystem function, and revision parameters in the affected modules until the issue is resolved.