CVE-2011-10019 in Spreecommerceinfo

Zusammenfassung

von MITRE • 14.08.2025

Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

13.08.2025

Veröffentlichung

14.08.2025

Moderieren

akzeptiert

Eintrag

VDB-320052

CPE

bereit

CWE

CWE-94 (bestätigt)

Exploit

Download

CVSS

9.8 (NVD)

EPSS

0.69310

KEV

nein

Aktivitäten

very low

Sektor

Transportation, Telecommunication, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-10019
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-10019
CVE Details	https://www.cvedetails.com/cve/CVE-2011-10019/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!