CVE-2011-10019
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-09-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| spreecommerce | spree | to 0.60.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1321 | The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2011-10019 is a critical remote command execution vulnerability in Spreecommerce versions prior to 0.60.2. It occurs because the application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby's send method. This flaw allows attackers to inject and execute arbitrary shell commands on the server remotely without any authentication or privileges. [1, 3]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including allowing remote attackers to execute arbitrary commands on the server hosting the Spreecommerce application. This can lead to full compromise of the server, unauthorized data access, data modification, service disruption, and potentially complete loss of confidentiality, integrity, and availability of the system. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable Spreecommerce version (prior to 0.60.2) and by attempting to exploit the flaw using crafted HTTP GET requests targeting the search[send][] parameter. A practical approach is to use the Metasploit module (EDB-ID 17941) which automates sending specially crafted requests to test for arbitrary command execution. Alternatively, manual detection can involve sending HTTP GET requests with payloads in the search[send][] parameter to see if commands are executed on the server. For example, using curl to send a request like: curl 'http://targetsite/search?search[send][]=eval&search[send][]=Kernel.fork%20do%60id%60end' and observing if the command output or side effects occur. Monitoring HTTP requests for unusual parameters like search[send][] and checking server logs for unexpected command execution can also help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Spreecommerce to version 0.60.2 or later, as this version contains the fix for the remote command execution vulnerability. If upgrading is not immediately possible, applying the custom fix based on the related commit as provided by the Spreecommerce team is recommended. Additionally, restricting access to the vulnerable search functionality, implementing input validation and sanitization on the search[send][] parameter, and monitoring for suspicious HTTP requests targeting this parameter can help reduce risk until the patch is applied. [4]