CVE-2000-0207

SGI InfoSearch < - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0207. PoCs published by rpc.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in the InfoSearch package's infosrch.cgi script. It allows remote command execution by manipulating the 'fname' parameter, providing an interactive shell to the attacker.

Description

SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rpc · perlremoteirix

https://www.exploit-db.com/exploits/19788

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in the InfoSearch package's infosrch.cgi script. It allows remote command execution by manipulating the 'fname' parameter, providing an interactive shell to the attacker.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: InfoSearch (infosrch.cgi)

No auth needed

Prerequisites: Target must have InfoSearch installed with vulnerable infosrch.cgi accessible · Target must allow outbound connections to the attacker

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1031

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/20000501-01-P

Scores

EPSS 0.0766

EPSS Percentile 93.8%

Details

Status published

Products (10)

sgi/infosearch 1.0

sgi/irix 6.5

sgi/irix 6.5.1

sgi/irix 6.5.2m

sgi/irix 6.5.3

sgi/irix 6.5.3f

sgi/irix 6.5.3m

sgi/irix 6.5.4

sgi/irix 6.5.6

sgi/irix 6.5.7

Published Mar 01, 2000

Tracked Since Feb 18, 2026