Description
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Black Watch Labs · textremotemultiple
https://www.exploit-db.com/exploits/19903
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1178
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
URL Repurposed x_refsource_misc
http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Scores
EPSS
0.0713
EPSS Percentile
91.6%
Details
Status
published
Products (1)
gossamer_threads/dbman
2.0.4
Published
May 05, 2000
Tracked Since
Feb 18, 2026