CNNVD-202508-2513 Information
CNNVD ID
CNNVD-202508-2513
Related CVE
- CNNVD Published: 2025-08-20
Description (Chinese)
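Spree Commerce is an open-source e-commerce platform from Spree. Versions of Spree Commerce prior to 0.50.x contain a security vulnerability that stems from improper input sanitization in the API search functionality and may lead to remote command execution.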
Description (English)
Spree Commerce is an open-source e-commerce platform. Spree Commerce versions prior to 0.50.x contain a security vulnerability caused by improper input sanitization in the API search functionality, which may lead to remote command execution.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Spree
Published
2025-08-20
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/spreecommerce-api-rce
https://www.exploit-db.com/exploits/17199
http://spreecommerce.com/blog/2011/04/19/security-fixes
https://web.archive.org/web/20111120023342/
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/
https://github.com/spree
https://nvd.nist.gov/vuln/detail/CVE-2011-10026
Patch
https://github.com/spree/spree/releases