CVE-1999-1479

textcounter.pl - Remote Command Execution via Shell Metacharacters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1479. PoCs published by Doru Petrescu.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in textcounter.pl from Matt's Scripts archive. It manipulates the $DOCUMENT_URI environment variable to execute arbitrary commands via wget or lynx, potentially leading to remote code execution (RCE) with the privileges of the httpd process.

Description

The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Doru Petrescu · perlremotecgi
https://www.exploit-db.com/exploits/20583

This exploit targets a command injection vulnerability in textcounter.pl from Matt's Scripts archive. It manipulates the $DOCUMENT_URI environment variable to execute arbitrary commands via wget or lynx, potentially leading to remote code execution (RCE) with the privileges of the httpd process.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: textcounter.pl (Matt's Scripts Archive)
No auth needed
Prerequisites: Access to the vulnerable textcounter.pl script · wget or lynx installed on the attacker's system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2265
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/2052
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/9609

Scores

EPSS 0.1187
EPSS Percentile 95.6%

Details

Status published
Products (1)
matt_wright/textcounter 1.2
Published Jun 24, 1998
Tracked Since Feb 18, 2026