CVE-2009-20010
BaseFortify
Publication date: 2025-08-30
Last updated on: 2025-09-02
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dogfood | crm | 2.0.10 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2009-20010 is a critical remote command execution vulnerability in Dogfood CRM version 2.0.10. It exists in the spell.php script used by the mail subsystem, where unsanitized user input is passed via a POST request to the 'data' parameter. This input is processed by the underlying shell without proper escaping, allowing attackers to inject and execute arbitrary shell commands on the server remotely, without authentication or user interaction. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability allows an attacker to execute arbitrary commands on the affected server remotely, potentially leading to full system compromise. Because it requires no authentication and can be exploited over the network, an attacker could gain unauthorized access, manipulate or steal sensitive data, disrupt services, or use the compromised server as a foothold for further attacks. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted POST request with the `data` parameter to the vulnerable spell checker URI `/dogfood/mail/spell.php`. The presence of the vulnerability is confirmed if the response contains the string "Spell Check complete". The Metasploit module for CVE-2009-20010 includes a check method that performs this detection automatically. A manual check using curl could be `curl -X POST -d "data=test" http://<target>/dogfood/mail/spell.php`, followed by checking whether the response contains "Spell Check complete". [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the vulnerable spell.php script in the Dogfood CRM mail subsystem, especially blocking POST requests to `/dogfood/mail/spell.php` from untrusted networks. Since the product appears to be no longer supported, applying official patches may not be possible. Implementing network-level controls such as firewall rules to restrict access, or using a web application firewall (WAF) to detect and block malicious POST requests targeting the `data` parameter can help. Additionally, consider isolating or removing the vulnerable Dogfood CRM installation until a secure version or alternative solution is available. [1]
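To confirm that the restriction on POST requests to `/dogfood/mail/spell.php` is holding, and to find earlier requests that reached the script, the web server access log can be audited. The script below is an added example, not code from the original page or from Dogfood CRM. It assumes the Apache/nginx "combined" log format; the trusted network ranges and the sample log lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Path named on this page; the trusted ranges are an assumption for the example.
VULN_PATH = "/dogfood/mail/spell.php"
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# "combined" log format: client, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalise(target):
    """Decode percent-escapes, collapse ./ and ../, and ignore case and query."""
    path = unquote(urlsplit(target).path)
    return posixpath.normpath(path).lower()

def is_untrusted(ip_text, trusted):
    """Treat anything outside the trusted ranges (or unparsable) as untrusted."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # log configured to record hostnames instead of addresses
        return True
    return not any(ip in net for net in trusted)

def audit(lines, trusted=TRUSTED_NETS):
    """Return one finding per POST whose normalised path is the spell-check script."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or normalise(m["target"]) != VULN_PATH:
            continue
        findings.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                         "untrusted": is_untrusted(m["ip"], trusted)})
    return findings

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.1.2.3 - - [02/Sep/2025:10:00:01 +0000] "POST /dogfood/mail/spell.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [02/Sep/2025:10:05:12 +0000] "POST /dogfood/mail/spell.php HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '198.51.100.9 - - [02/Sep/2025:10:06:40 +0000] "POST /dogfood/mail/%2e/Spell.php?x=1 HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.7 - - [02/Sep/2025:10:07:00 +0000] "GET /dogfood/index.php HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f["time"], f["ip"], f["status"], "UNTRUSTED" if f["untrusted"] else "trusted")
```

An untrusted source with a 2xx status means the request reached the script and the host should be treated as potentially compromised; a 403 from an untrusted source indicates the block is working.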