CVE-2000-0074

PowerScripts PlusMail - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2000-0074. PoCs published by ytcracker, missnglnk, Synnergy Networks.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in PowerScripts PlusMail Web Control Panel by resetting the administrative password without prior authentication. It generates an HTML form to submit the new credentials to the vulnerable CGI script.

Description

PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions.

Exploits (3)

exploitdb WORKING POC VERIFIED
by ytcracker · cremotecgi
https://www.exploit-db.com/exploits/20801

This exploit demonstrates an authentication bypass vulnerability in PowerScripts PlusMail Web Control Panel by resetting the administrative password without prior authentication. It generates an HTML form to submit the new credentials to the vulnerable CGI script.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: PowerScripts PlusMail Web Control Panel (all versions)
No auth needed
Prerequisites: Target must have PlusMail installed with the default CGI path (/cgi-bin/plusmail)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by missnglnk · cremotecgi
https://www.exploit-db.com/exploits/20800

This exploit demonstrates an authentication bypass vulnerability in PowerScripts PlusMail Web Control Panel by sending a crafted POST request to reset the administrative password without prior authentication. It then sets up a local listener to serve a modified HTML form for further interaction.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: PowerScripts PlusMail Web Control Panel (version unspecified)
No auth needed
Prerequisites: Network access to the target web server · PlusMail CGI script accessible at /cgi-bin/plusmail
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Synnergy Networks · cremotecgi
https://www.exploit-db.com/exploits/20799

This exploit demonstrates an authentication bypass vulnerability in PowerScripts PlusMail Web Control Panel by sending a crafted HTTP GET request to create a new administrative account without prior authentication. The exploit leverages the lack of authentication checks in the plusmail CGI script.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: PowerScripts PlusMail Web Control Panel (version not specified)
No auth needed
Prerequisites: Network access to the target server · PlusMail CGI script accessible at /cgi-bin/plusmail
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0074

Scores

EPSS 0.0978
EPSS Percentile 94.9%

Details

Status published
Products (1)
powerscripts/plusmail
Published Jan 11, 2000
Tracked Since Feb 18, 2026