VYPR
Critical severity9.8NVD Advisory· Published Aug 20, 2025· Updated Jun 16, 2026

CVE-2011-10026

CVE-2011-10026

Description

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. This flaw enables unauthenticated attackers to execute commands on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
spreeRubyGems
>= 0.30.0.beta1, < 0.50.00.50.0
rd_searchlogicRubyGems
<= 3.0.1

Affected products

3

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.