CVE-2000-0588

SawMill 5.0.21 - Unauthenticated Arbitrary File Read via rfcf Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0588. PoCs published by Larry W. Cashdollar.

AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in Sawmill to disclose the first line of any world-readable file by crafting a malicious HTTP request. The vulnerability allows unauthorized access to sensitive information such as /etc/passwd.

Description

SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Larry W. Cashdollar · textremotecgi
https://www.exploit-db.com/exploits/20041

This exploit leverages a path traversal vulnerability in Sawmill to disclose the first line of any world-readable file by crafting a malicious HTTP request. The vulnerability allows unauthorized access to sensitive information such as /etc/passwd.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Sawmill (versions prior to the fix for CVE-2000-0588)
No auth needed
Prerequisites: Knowledge of the target's Sawmill installation path · World-readable file path on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1402

Scores

EPSS 0.0749
EPSS Percentile 93.7%

Details

CWE
CWE-200
Status published
Products (1)
sawmill/sawmill 5.0.21
Published Jun 26, 2000
Tracked Since Feb 18, 2026