Spree Search ProductScope Class search[send][] Parameter Arbitrary Command Execution
Published: October 05, 2011
SECURITY IDENTIFIERS
- OSVDB: OSVDB-76011
- Vendor Advisory: https://web.archive.org/web/20121124215359/https://spreecommerce.com/blog/remote-command-product-group
GEM
PATCHED VERSIONS
>= 0.60.2
DESCRIPTION
The ProductScope class does not properly sanitize user-supplied input passed through the 'search[send][]' parameter, allowing arbitrary command execution. A remote attacker can trigger this with a specially crafted request.
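A quick way to tell whether an application is running a vulnerable release is to read the locked gem version and compare it with the patched version named above (>= 0.60.2). The following Ruby script is an added example, not part of the advisory or the Spree project; the Gemfile.lock content it parses is constructed for illustration, and the `spree_vulnerable?` and `locked_version` helpers are assumed names.

```ruby
# Added example (not from the advisory or Spree): locate the locked
# version of the spree gem in a Gemfile.lock and compare it with the
# patched version the advisory gives (0.60.2).
require 'rubygems'

PATCHED_SPREE = Gem::Version.new('0.60.2')

# Return the locked Gem::Version of gem_name from Gemfile.lock text, or
# nil if the gem is not locked. Top-level entries under GEM/specs are
# indented by exactly four spaces, e.g. "    spree (0.60.1)"; transitive
# dependencies are indented further and are deliberately not matched.
def locked_version(lockfile_text, gem_name)
  pattern = /^    #{Regexp.escape(gem_name)} \(([^)]+)\)/
  lockfile_text.each_line do |line|
    m = line.match(pattern)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# True when the locked spree release predates the patched version.
# An application without spree in its lock file is reported as not
# vulnerable to this particular issue.
def spree_vulnerable?(lockfile_text)
  version = locked_version(lockfile_text, 'spree')
  return false if version.nil?
  version < PATCHED_SPREE
end

# Constructed sample lock file pinning a release below 0.60.2.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.0.9)
      spree (0.60.1)
        spree_core (= 0.60.1)
      spree_core (0.60.1)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "spree #{locked_version(text, 'spree')}: " \
       "#{spree_vulnerable?(text) ? 'below patched 0.60.2' : 'not affected'}"
end
```

Run it with a path to a real Gemfile.lock as the first argument, or without arguments to check the constructed sample.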
