CVE-2011-10026

EUVD-2011-5250
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. This flaw enables unauthenticated attackers to execute commands on the server.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
spreecommercespree
𝑥
< 0.50.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/spree
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/spree_searchlogic_exec.rb
https://web.archive.org/web/20111120023342/http://spreecommerce.com/blog/2011/04/19/security-fixes
https://www.exploit-db.com/exploits/17199
https://www.vulncheck.com/advisories/spreecommerce-api-rce