CVE-1999-0176

webgais < 1.0b2 - Remote Command Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0176. PoCs published by Razvan Dragomirescu.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in WEBgais up to version 1.0B2. It leverages improper input validation in the Perl 'system' command by injecting malicious commands via the 'query' parameter, encapsulated in single quotes and using shell metacharacters.

Description

The Webgais program allows a remote user to execute arbitrary commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Razvan Dragomirescu · textremotecgi

https://www.exploit-db.com/exploits/20463

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in WEBgais up to version 1.0B2. It leverages improper input validation in the Perl 'system' command by injecting malicious commands via the 'query' parameter, encapsulated in single quotes and using shell metacharacters.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WEBgais up to 1.0B2

No auth needed

Prerequisites: Access to the target's web server · WEBgais CGI script accessible at /cgi-bin/webgais

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0176

Scores

EPSS 0.0872

EPSS Percentile 94.5%

Details

Status published

Products (1)

webgais_development_team/webgais < 1.0b2

Published Jul 10, 1997

Tracked Since Feb 18, 2026