CVE-1999-0934

classifieds.cgi - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0934. PoCs published by anonymous.

AI-analyzed exploit summary The exploit describes an input validation vulnerability in Classifieds.cgi, allowing arbitrary file reads via the 'return' form field by injecting redirection metacharacters. This can lead to information disclosure with web server privileges.

Description

classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by anonymous · textremotecgi
https://www.exploit-db.com/exploits/20444

The exploit describes an input validation vulnerability in Classifieds.cgi, allowing arbitrary file reads via the 'return' form field by injecting redirection metacharacters. This can lead to information disclosure with web server privileges.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Classifieds.cgi (part of the classifieds package by Greg Matthews)
No auth needed
Prerequisites: Access to the web form with the vulnerable 'return' field
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3102
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2020

Scores

EPSS 0.0679
EPSS Percentile 93.2%

Details

Status published
Published Dec 15, 1999
Tracked Since Feb 18, 2026