### [CVE-2011-10007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-10007)
![](https://img.shields.io/static/v1?label=Product&message=File%3A%3AFind%3A%3ARule&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brightgreen)

### Description

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.Example:$ mkdir /tmp/poc; echo > "/tmp/poc/|id"$ perl -MFile::Find::Rule \    -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'uid=1000(user) gid=1000(user) groups=1000(user),100(users)

### POC

#### Reference
- http://www.openwall.com/lists/oss-security/2025/06/05/4
- https://github.com/richardc/perl-file-find-rule/pull/4

#### Github
- https://github.com/w4zu/Debian_security