VYPR

Spreecommerce

by Spree

Source repositories

CVEs (2)

  • CVE-2011-10019CriAug 13, 2025
    risk 0.67cvss 9.8epss 0.04

    Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows…

  • CVE-2011-10026CriAug 20, 2025
    risk 0.60cvss 9.8epss 0.02

    Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using…