4 matches found
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the searchsend parameter, which is dynamically invoked using the send method. An attacker can execute arbitrary commands on the server by supplying crafted input to this parameter. Remediation Upgrade spree ...
CVE-2011-10019
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
GHSA-97VM-C39P-JR86 Spree has Remote Command Execution vulnerability in search functionality
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...