Description

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in their search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication.
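The bug class described above, as an added illustration that is not Spree's own code: a request parameter shaped like search[send][] (method name followed by arguments) is dispatched with Object#send, so any method of the receiver is reachable; the hardened variant checks the name and argument count against an explicit allow-list before dispatching. ProductCatalog, its scopes and the sample products are constructed for this example.

```ruby
# Hypothetical catalog with a few "scopes" a client is meant to select by name.
class ProductCatalog
  attr_reader :products

  def initialize(products)
    @products = products
  end

  def in_stock
    products.select { |p| p[:stock] > 0 }
  end

  def on_sale
    products.select { |p| p[:sale] }
  end

  def cheaper_than(limit)
    products.select { |p| p[:price] < limit.to_f }
  end
end

# Vulnerable pattern (CWE-94): the method name and its arguments are taken
# straight from the request array and handed to send, which also reaches
# private methods, so the client chooses what code runs on the server.
def unsafe_apply(catalog, send_param)
  name, *args = send_param
  catalog.send(name, *args)
end

# Hardened pattern: only names listed here may be invoked, each with the
# arity it expects, and dispatch goes through public_send so private
# methods stay out of reach even if the allow-list is later loosened.
ALLOWED_SCOPES = { "in_stock" => 0, "on_sale" => 0, "cheaper_than" => 1 }.freeze

def safe_apply(catalog, send_param)
  name, *args = send_param
  arity = ALLOWED_SCOPES.fetch(name) { raise ArgumentError, "unknown scope: #{name}" }
  raise ArgumentError, "wrong argument count for #{name}" unless args.length == arity
  catalog.public_send(name, *args)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data.
  cat = ProductCatalog.new([{ name: "a", price: 5.0, stock: 2, sale: false },
                            { name: "b", price: 20.0, stock: 0, sale: true }])
  p safe_apply(cat, ["cheaper_than", "10"]).map { |x| x[:name] }   # ["a"]
  p unsafe_apply(cat, ["instance_variable_get", "@products"]).size # 2, not a scope
end
```

A request logger that records rejected scope names from safe_apply gives a cheap detection signal for probing of this parameter.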

PUBLISHED Reserved 2025-08-13 | Published 2025-08-13 | Updated 2025-08-18 | Assigner VulnCheck

CRITICAL: 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Product status

Default status
unknown

* before 0.60.2
affected

Credits

joernchen finder

References

raw.githubusercontent.com/...multi/http/spree_search_exec.rb exploit

www.exploit-db.com/exploits/17941 exploit

web.archive.org/.../2011/10/05/remote-command-product-group/ vendor-advisory patch

www.vulncheck.com/...ries/spreecommerce-search-parameter-rce third-party-advisory

github.com/orgs/spree product

cve.org (CVE-2011-10019)

nvd.nist.gov (CVE-2011-10019)