spree 'rd_searchlogic' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/47543
Security Info
Bugtraq ID: 47543
Class: Unknown
CVE:
Remote: Yes
Local: No
Published: Apr 22 2011 12:00AM
Updated: Apr 22 2011 12:00AM
Credit: joernchen
Vulnerable:
Not Vulnerable:
Security Discussion
Spree is prone to a remote command-execution vulnerability.
An attacker can exploit this issue to execute arbitrary commands in the context of the user running the affected web server.
Spree versions prior to 0.50.1 are vulnerable.
Proof of Concept and Security Exploits
The following exploit is available:
/data/vulnerabilities/exploits/47543.rb
Security Solution(s)
Solution:
Updates are available. Please see the references for more details.
Security Reference(s)
References:
Spree Homepage (Spree)
Spree Security Fix - 0.50.1 Release (Spree)