CVE-1999-0264

Miva HTMLScript - Unauthenticated Arbitrary File Read

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0264. PoCs published by Dennis Moore.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in Miva's htmlscript CGI program prior to version 2.9932. An attacker can read arbitrary files by appending relative paths to the URL, leveraging insufficient path sanitization.

Description

htmlscript CGI program allows remote read access to files.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dennis Moore · textremotecgi
https://www.exploit-db.com/exploits/20434

The exploit describes a directory traversal vulnerability in Miva's htmlscript CGI program prior to version 2.9932. An attacker can read arbitrary files by appending relative paths to the URL, leveraging insufficient path sanitization.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Miva htmlscript < 2.9932
No auth needed
Prerequisites: Access to the vulnerable CGI script via HTTP
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0264

Scores

EPSS 0.0585
EPSS Percentile 92.3%

Details

Status published
Products (1)
miva/htmlscript
Published Jan 27, 1998
Tracked Since Feb 18, 2026