CNNVD-202508-3663 Information

Aug 30, 2025 cve

CNNVD ID

CNNVD-202508-3663

CVE-2009-20010

CNNVD Published: 2025-08-30

Description (Chinese)

SourceForge Dogfood CRM是SourceForge开源的一个信息管理系统。 SourceForge Dogfood CRM 2.0.10版本存在安全漏洞，该漏洞源于spell.php脚本对data参数清理不足，可能导致远程命令执行。

Description (English)

SourceForge Dogfood CRM is an open source information management system for SourceForge. Security loophole in version 2.0.10 of SourceForge Dogfood CRM, which arises from inadequate clean-up of data parameters in spel.php scripts, which may lead to remote command execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Sourceforge

Published

2025-08-30

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/dogfood-crm-rce https://www.fortiguard.com/encyclopedia/ips/28547/dogfood-crm-spell-remote-command-execution https://www.exploit-db.com/exploits/16917 https://sourceforge.net/projects/dogfood/files/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/dogfood_spell_exec.rb https://access.redhat.com/security/cve/cve-2009-20010 https://nvd.nist.gov/vuln/detail/CVE-2009-20010

Share on: