CNNVD-202508-1460 Information

CNNVD ID

CNNVD-202508-1460

Related CVE

CVE-2011-10019

• CNNVD Published: 2025-08-13

Description (Chinese)

Spree Commerce是Spree开源的一个电子商务平台。 Spree Commerce 0.60.2之前版本存在安全漏洞，该漏洞源于搜索功能未清理输入，可能导致远程命令执行。

Description (English)

Spree Commerce is an open-source e-commerce platform. There is a security loophole in the pre-Spree Common 0.60.2 version, which stems from the uncleaned input of the search function and may lead to remote command execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Spree

Published

2025-08-13

Last Modified

2026-02-24

References

http://spreecommerce.com/blog/2011/10/05/remote-command-product-group/ https://web.archive.org/web/20111009192436/ https://www.exploit-db.com/exploits/17941 https://www.vulncheck.com/advisories/spreecommerce-search-parameter-rce https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/ https://github.com/orgs/spree https://access.redhat.com/security/cve/cve-2011-10019 https://nvd.nist.gov/vuln/detail/CVE-2011-10019