CVE-1999-0068

PHP - Unauthenticated Arbitrary File Read via CGI mylog Script

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0068. PoCs published by Bryan Berg.

AI-analyzed exploit summary This is a writeup describing a local file inclusion vulnerability in PHP/FI due to unsanitized user input in example scripts (mlog.html and mylog.html). The vulnerability allows an attacker to read arbitrary files on the system by manipulating the 'screen' parameter.

Description

CGI PHP mylog script allows an attacker to read any file on the target server.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Bryan Berg · textremotephp
https://www.exploit-db.com/exploits/19553

This is a writeup describing a local file inclusion vulnerability in PHP/FI due to unsanitized user input in example scripts (mlog.html and mylog.html). The vulnerability allows an attacker to read arbitrary files on the system by manipulating the 'screen' parameter.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHP/FI (early versions)
No auth needed
Prerequisites: PHP/FI with vulnerable example scripts (mlog.html or mylog.html) accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/713
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/3396

Scores

EPSS 0.0703
EPSS Percentile 93.4%

Details

Status published
Products (3)
php/php 1.0
php/php 2.0
php/php 2.0b10
Published Oct 19, 1997
Tracked Since Feb 18, 2026