Arbitrary Code Execution Vulnerability in Perl's File::Find::Rule by RCLAMP
CVE-2011-10007

8.8HIGH

Key Information:

Vendor

Rclamp

Status
File::find::rule
Vendor
CVE Published:
5 June 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2011-10007?

The File::Find::Rule module for Perl versions up to 0.34 is susceptible to Arbitrary Code Execution due to a flaw in how filenames are handled by the grep() function. When provided with a crafted filename, the module invokes the 2-argument form of open(), allowing an attacker to specify the MODE parameter. This oversight enables the execution of arbitrary commands, posing a significant security risk. Users are urged to review and update their applications to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

File::Find::Rule 0 <= 0.34

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2011-10007 - Proof of Concept

References

https://metacpan.org/release/RCLAMP/File-Find-Rule-0.34/s...
https://rt.cpan.org/Public/Bug/Display.html?id=64504
issue-trackingexploit
https://github.com/richardc/perl-file-find-rule/pull/4
issue-tracking

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.