CVE-1999-0238

PHP - Unauthenticated Arbitrary File Read via php.cgi

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0238. PoCs published by Shamanski.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in PHP/FI, allowing remote users to read files accessible by the httpd process. It includes a URL example demonstrating the exploit but lacks executable code.

Description

php.cgi allows attackers to read any file on the system.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Shamanski · textremotecgi
https://www.exploit-db.com/exploits/20567

The provided text describes a directory traversal vulnerability in PHP/FI, allowing remote users to read files accessible by the httpd process. It includes a URL example demonstrating the exploit but lacks executable code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHP/FI (versions prior to PHP 3.0)
No auth needed
Prerequisites: Access to the target web server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0238

Scores

EPSS 0.0612
EPSS Percentile 92.6%

Details

Status published
Products (3)
php/php 1.0
php/php 2.0
php/php 2.0b10
Published Aug 01, 1997
Tracked Since Feb 18, 2026