CVE-2011-10019

Spreecommerce < 0.60.2 Search Parameter RCE

CVSS 10 (CRITICAL) | EPSS 3.8% | CWE-1321 | CWE-94
In short

Spreecommerce below version 0.60.2 has a critical flaw in its search feature that lets attackers run any command on the server. The vulnerability exists because user input in the search parameter is not sanitized before it is used to decide which method the application calls.

Technical detail

The vulnerability stems from unsafe use of Ruby's send() method on unsanitized search[send][] parameter input, enabling unauthenticated remote code execution. No special conditions are required; attackers can directly invoke arbitrary methods and execute system commands with the privileges of the server process.

Summary generated and translated by AI from the official description.
Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in their search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
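The bug class described above, as an added illustration that is not Spree's code: a hypothetical Catalog with a search endpoint that feeds a request parameter straight into send(), beside a hardened version that maps request strings onto a fixed allowlist of scopes before any dynamic dispatch. The Catalog class, its methods, and the sample data are constructed for this example.

```ruby
# Added example for CVE-2011-10019 (hypothetical code, not Spree's own).
# Demonstrates why `obj.send(params[...])` is a remote method-invocation
# primitive, and how an allowlist removes the attacker's control over the name.

class Catalog
  attr_reader :products

  def initialize(products)
    @products = products # constructed sample data, see SAMPLE below
  end

  # Legitimate search scopes a client is expected to reach.
  def in_stock
    @products.select { |p| p[:stock] > 0 }.map { |p| p[:name] }
  end

  def cheapest_first
    @products.sort_by { |p| p[:price] }.map { |p| p[:name] }
  end

  # Never meant to be reachable from a request; stands in for any
  # dangerous method (on Spree this was effectively arbitrary code).
  def drop_everything
    @products = []
    "catalog wiped"
  end
end

SAMPLE = [
  { name: "widget", price: 5, stock: 3 },
  { name: "gadget", price: 2, stock: 0 },
].freeze

# VULNERABLE: the method name comes straight from params["search"]["send"],
# so any method on the receiver, public or private, can be invoked.
def search_unsafe(params)
  catalog = Catalog.new(SAMPLE)
  Array(params.dig("search", "send")).map { |m| catalog.send(m) }
end

# HARDENED: the request string only selects from a closed allowlist; an
# unknown name is rejected before any dispatch happens, and public_send
# additionally refuses private methods.
ALLOWED_SCOPES = { "in_stock" => :in_stock, "cheapest_first" => :cheapest_first }.freeze

def search_safe(params)
  catalog = Catalog.new(SAMPLE)
  Array(params.dig("search", "send")).map do |m|
    scope = ALLOWED_SCOPES.fetch(m) { raise ArgumentError, "unknown search scope: #{m.inspect}" }
    catalog.public_send(scope)
  end
end
```

In a Rails app the same check belongs in the controller before the scope is applied, and a rejected scope name is worth logging as a detection signal.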
⚠ Public resources: for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
