CVE-1999-0148

IRIX - OS Command Injection via Handler CGI Program

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0148. PoCs published by Razvan Dragomirescu.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in the 'handler' CGI program on Silicon Graphics IRIX systems. By appending arbitrary commands to the URL path, an attacker can execute them with the privileges of the web server user.

Description

The handler CGI program in IRIX allows arbitrary command execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Razvan Dragomirescu · textremotemultiple

https://www.exploit-db.com/exploits/19303

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in the 'handler' CGI program on Silicon Graphics IRIX systems. By appending arbitrary commands to the URL path, an attacker can execute them with the privileges of the web server user.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Silicon Graphics IRIX (cgi-bin/handler)

No auth needed

Prerequisites: Network access to the target's web server · Vulnerable IRIX system with the 'handler' CGI program

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/380

Scores

EPSS 0.1046

EPSS Percentile 95.2%

Details

Status published

Products (4)

sgi/irix 5.3

sgi/irix 6.2

sgi/irix 6.3

sgi/irix 6.4

Published Sep 01, 1997

Tracked Since Feb 18, 2026