CVE-2000-0287

cnc technology_bizdb - OS Command Injection via bizdb-search.cgi dbname Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0287. PoCs published by PErfecto Technology.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in BizDB's bizdb-search.cgi script. The 'dbname' parameter is passed to an unchecked open() call, allowing arbitrary command execution via semicolon-separated commands. Exploitation requires a valid HTTP Referer header, which can be spoofed using tools like netcat.

Description

The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by PErfecto Technology · textremotecgi
https://www.exploit-db.com/exploits/19844

This exploit demonstrates a command injection vulnerability in BizDB's bizdb-search.cgi script. The 'dbname' parameter is passed to an unchecked open() call, allowing arbitrary command execution via semicolon-separated commands. Exploitation requires a valid HTTP Referer header, which can be spoofed using tools like netcat.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: BizDB (version not specified)
No auth needed
Prerequisites: Network access to the target · Netcat or similar tool to craft HTTP requests · Valid Referer header
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1104

Scores

EPSS 0.1062
EPSS Percentile 95.3%

Details

Status published
Products (1)
cnc/technology_bizdb 1.0
Published Apr 12, 2000
Tracked Since Feb 18, 2026