Description
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Larry W. Cashdollar · textremotecgi
https://www.exploit-db.com/exploits/20041
References (3)
Core 3
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1402
Scores
EPSS
0.0409
EPSS Percentile
88.6%
Details
CWE
CWE-200
Status
published
Products (1)
sawmill/sawmill
5.0.21
Published
Jun 26, 2000
Tracked Since
Feb 18, 2026