CVE-2013-10039
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deploymen...
CVE-2013-10039 GestioIP 3.0 ip_checkhost.cgi RCE
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deploymen...
CVE-2013-10039
CVE-2013-10039 describes a remote command injection in GestioIP
PT-2025-31537 · Undefined · Undefined
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployme...
CVE-2024-50859
The ipimportaclcsv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...
CVE-2024-48760
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution...
📄 GestioIP 3.5.7 Remote Command Execution
GestioIP version 3.5.7 suffers from a remote command execution vulnerability. Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...
📄 GestioIP 3.5.7 Cross Site Request Forgery
GestioIP version 3.5.7 suffers from a cross site request forgery vulnerability. Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery CSRF Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email : max.cybersecurity a...
📄 GestioIP 3.5.7 Cross Site Scripting
GestioIP version 3.5.7 suffers from reflective and persistent cross site scripting vulnerabilities. Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Scripting XSS Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email...
GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Stored Cross-Site Scripting Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email: max.cybersecurity at belino.com GitHub disclosure link:...
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery CSRF Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email : max.cybersecurity at belino.com GitHub disclosure link:...
PT-2025-2891 · Gestioip · Gestioip
Name of the Vulnerable Software and Affected Versions: GestioIP version 3.5.7 Description: The issue affects multiple endpoints in GestioIP, making them vulnerable to Cross-Site Request Forgery CSRF. An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to da...
PT-2025-2893 · Gestioip · Gestioip
Name of the Vulnerable Software and Affected Versions: GestioIP version 3.5.7 Description: The issue concerns a Stored XSS vulnerability in the ip mod dns key form.cgi request. An attacker can inject malicious code into the TSIG Key field, which is saved in the database and triggers XSS when...