Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-0238. PoCs published by Shamanski.
AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in PHP/FI, allowing remote users to read files accessible by the httpd process. It includes a URL example demonstrating the exploit but lacks executable code.
Description
php.cgi allows attackers to read any file on the system.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Shamanski · textremotecgi
https://www.exploit-db.com/exploits/20567
The provided text describes a directory traversal vulnerability in PHP/FI, allowing remote users to read files accessible by the httpd process. It includes a URL example demonstrating the exploit but lacks executable code.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
PHP/FI (versions prior to PHP 3.0)
No auth needed
Prerequisites:
Access to the target web server
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0238
Scores
EPSS
0.0612
EPSS Percentile
92.6%
Details
Status
published
Products (3)
php/php
1.0
php/php
2.0
php/php
2.0b10
Published
Aug 01, 1997
Tracked Since
Feb 18, 2026