Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-0934. PoCs published by anonymous.
AI-analyzed exploit summary The exploit describes an input validation vulnerability in Classifieds.cgi, allowing arbitrary file reads via the 'return' form field by injecting redirection metacharacters. This can lead to information disclosure with web server privileges.
Description
classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by anonymous · textremotecgi
https://www.exploit-db.com/exploits/20444
The exploit describes an input validation vulnerability in Classifieds.cgi, allowing arbitrary file reads via the 'return' form field by injecting redirection metacharacters. This can lead to information disclosure with web server privileges.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Classifieds.cgi (part of the classifieds package by Greg Matthews)
No auth needed
Prerequisites:
Access to the web form with the vulnerable 'return' field
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3102
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2020
Scores
EPSS
0.0679
EPSS Percentile
93.2%
Details
Status
published
Published
Dec 15, 1999
Tracked Since
Feb 18, 2026