CVE-1999-0985

CC Whois program - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0985. PoCs published by Cody T. - hhp.

AI-analyzed exploit summary The writeup describes a command injection vulnerability in older versions of Whois scripts (Matt's Whois and CGI City Whois) due to improper filtering of metacharacters like ';'. This allows arbitrary command execution with web server privileges.

Description

CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Cody T. - hhp · textremotecgi
https://www.exploit-db.com/exploits/20433

The writeup describes a command injection vulnerability in older versions of Whois scripts (Matt's Whois and CGI City Whois) due to improper filtering of metacharacters like ';'. This allows arbitrary command execution with web server privileges.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Matt's Whois, CGI City Whois (older versions)
No auth needed
Prerequisites: Access to the vulnerable Whois script via HTTP
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0985

Scores

EPSS 0.0894
EPSS Percentile 94.6%

Details

Status published
Products (1)
cc/cc_whois 1.0
Published Nov 09, 1999
Tracked Since Feb 18, 2026