Vulnerability Information
Vulnerability Title
Spreecommerce < 0.60.2 Search Parameter RCE
Vulnerability Description
Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in the search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby's send method. This allows attackers to execute arbitrary shell commands on the server without authentication.
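The send-based dispatch described above, as an added Ruby illustration (not Spree's code and not part of this entry): the class, scope names and sample data are hypothetical. It contrasts dispatching on a request-supplied method name with an allowlisted `public_send`.

```ruby
# Added illustration. ProductSearch, its scopes and PRODUCTS are hypothetical,
# constructed for this example; they are not taken from Spree.
class ProductSearch
  # Only these names may ever be selected by request input.
  ALLOWED_SCOPES = %w[by_name in_price_range].freeze

  PRODUCTS = [ # constructed sample data
    { name: "Ruby mug", price: 12 },
    { name: "Rails tote", price: 25 },
    { name: "Spree shirt", price: 30 }
  ].freeze

  def by_name(term)
    PRODUCTS.select { |p| p[:name].downcase.include?(term.to_s.downcase) }
  end

  def in_price_range(low, high)
    PRODUCTS.select { |p| p[:price].between?(low.to_i, high.to_i) }
  end

  # Unsafe pattern: the first element of a request-supplied array picks the
  # method. `send` ignores visibility, so private and inherited Kernel
  # methods are reachable as well as the intended scopes.
  def unsafe_dispatch(call)
    name, *args = Array(call)
    send(name, *args)
  end

  # Hardened pattern: the name must be on the allowlist, and `public_send`
  # refuses private methods even if the allowlist were ever misconfigured.
  def safe_dispatch(call)
    name, *args = Array(call).map(&:to_s)
    unless ALLOWED_SCOPES.include?(name)
      raise ArgumentError, "scope not permitted: #{name.inspect}"
    end
    public_send(name, *args)
  end

  private

  # Harmless stand-in for any method that request input must never reach.
  def internal_marker
    :reached_private_method
  end
end
```

Rejected scope names raise `ArgumentError`, which an application can log as an input-validation failure and alert on.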
CVSS Information
N/A
Vulnerability Type
Improper Control of Generation of Code (Code Injection)
Vulnerability Title
Spree Commerce Security Vulnerability
Vulnerability Description
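Spree Commerce is an open-source e-commerce platform from Spree. Spree Commerce versions prior to 0.60.2 contain a security vulnerability that stems from the search functionality not sanitizing input, which may lead to remote command execution.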
CVSS Information
N/A
Vulnerability Type
N/A