CVE-2000-0213

Sambar Server < 4.2 - Remote Command Execution via CGI Batch Files

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0213. PoCs published by Georich Chorbadzhiyski.

AI-analyzed exploit summary: This exploit leverages default batch files in Sambar Server's cgi-bin directory to execute arbitrary commands with administrator privileges via command injection. The PoC demonstrates directory listing commands but can be extended to other system operations.

Description

The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Georich Chorbadzhiyski · text · remote · windows
https://www.exploit-db.com/exploits/19761

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Sambar Web/FTP/Proxy Server (Windows NT/2000)
No auth needed
Prerequisites: Sambar Server with default batch files in cgi-bin · Network access to the server
mistral-large-3 · analyzed Feb 16, 2026

References (3)

Core References
Patch, Vendor Advisory · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/1002
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/templates/archive.pike?list=1&msg=38B3E60A.6A84FEC3%40cybcom.net

Scores

EPSS: 0.1000
EPSS Percentile: 95.0%

Details

Status: published
Products (1): sambar/sambar_server < 4.2
Published: Feb 23, 2000
Tracked Since: Feb 18, 2026