CVE-2011-4929

Redmine 0.9.x-1.0.x - Remote Code Execution via Bazaar Repository Adapter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-4929. PoCs published by Metasploit, including Metasploit module exploits/unix/webapp/redmine_scm_exec.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2011-4929, a command injection vulnerability in Redmine's SCM repository controller. It sends a crafted GET request with a malicious `rev` parameter to execute arbitrary commands on the target system.

Description

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/41695

This Metasploit module exploits CVE-2011-4929, a command injection vulnerability in Redmine's SCM repository controller. It sends a crafted GET request with a malicious `rev` parameter to execute arbitrary commands on the target system.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Redmine (versions prior to fix)
No auth needed
Prerequisites: Network access to the Redmine instance · Redmine repository feature enabled
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/redmine_scm_exec.rb

This Metasploit module exploits a command injection vulnerability in Redmine's SCM repository controller by passing a malicious `rev` parameter to execute arbitrary commands. The exploit sends a crafted HTTP GET request with the payload encoded in the `rev` parameter.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Redmine (versions affected by CVE-2011-4929)
No auth needed
Prerequisites: Network access to the Redmine instance · SCM repository feature enabled
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/06/5
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2261
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/06/7
Vendor Advisory x_refsource_confirm
http://www.redmine.org/news/49

Scores

EPSS 0.7361
EPSS Percentile 98.8%

Details

Status published
Products (12)
redmine/redmine 0.9.0
redmine/redmine 0.9.1
redmine/redmine 0.9.2
redmine/redmine 0.9.3
redmine/redmine 0.9.4
redmine/redmine 0.9.5
redmine/redmine 0.9.6
redmine/redmine 1.0.0
redmine/redmine 1.0.1
redmine/redmine 1.0.2
... and 2 more
Published Oct 08, 2012
Tracked Since Feb 18, 2026