漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Spreecommerce < 0.60.2 Search Parameter RCE
Vulnerability Description
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Spree Commerce 安全漏洞
Vulnerability Description
Spree Commerce是Spree开源的一个电子商务平台。 Spree Commerce 0.60.2之前版本存在安全漏洞,该漏洞源于搜索功能未清理输入,可能导致远程命令执行。
CVSS Information
N/A
Vulnerability Type
N/A