CVE-2009-20010

critical

Description

Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate escaping. This allows attackers to inject arbitrary shell commands and execute them on the server. The flaw is exploitable without authentication and was discovered by researcher LSO.

References

https://www.vulncheck.com/advisories/dogfood-crm-rce

https://www.fortiguard.com/encyclopedia/ips/28547/dogfood-crm-spell-remote-command-execution

https://www.exploit-db.com/exploits/16917

https://sourceforge.net/projects/dogfood/files/

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/dogfood_spell_exec.rb

Details

Source: Mitre, NVD

Published: 2025-08-30

Updated: 2025-08-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00859