Vulnerabilities > CVE-2011-4929 - Unspecified vulnerability in Redmine

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

redmine

exploit available

metasploit

NVD

Published: 2012-10-08

Updated: 2012-10-09

Summary

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Redmine Redmine Redmine 0.9.0 Redmine Redmine 0.9.6 Redmine Redmine 1.0.0 Redmine Redmine 1.0.3 Redmine Redmine 0.9.5 Redmine Redmine 0.9.2 Redmine Redmine 0.9.4 Redmine Redmine 0.9.3 Redmine Redmine 1.0.2 Redmine Redmine 0.9.1 Redmine Redmine 1.0.1 Redmine Redmine 1.0.4	12

Exploit-Db

description	Redmine SCM Repository - Arbitrary Command Execution (Metasploit). CVE-2011-4929. Remote exploit for Linux platform
id	EDB-ID:41695
last seen	2017-03-23
modified	2010-12-19
published	2010-12-19
reporter	Exploit-DB
source	https://www.exploit-db.com/download/41695/
title	Redmine SCM Repository - Arbitrary Command Execution (Metasploit)

Metasploit

description	This module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering.
id	MSF:EXPLOIT/UNIX/WEBAPP/REDMINE_SCM_EXEC
last seen	2020-05-21
modified	2017-07-24
published	2010-12-25
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4929 http://www.redmine.org/news/49
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/redmine_scm_exec.rb
title	Redmine SCM Repository Arbitrary Command Execution

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

References