CVE-2011-10026

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Rubys send method. This flaw enables unauthenticated attackers to execute commands on the server.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
spreecommercespree
𝑥
< 0.50.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/spree
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/spree_searchlogic_exec.rb
https://web.archive.org/web/20111120023342/http://spreecommerce.com/blog/2011/04/19/security-fixes
https://www.exploit-db.com/exploits/17199
https://www.vulncheck.com/advisories/spreecommerce-api-rce