CVE-2001-0022

simplestguest.cgi - Remote Command Execution via Guestbook Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0022. PoCs published by suid.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Leif M. Wright's simplestguest.cgi due to improper filtering of shell metacharacters in the guestbook parameter. An attacker can execute arbitrary commands with the privileges of the webserver by submitting a crafted HTML form.

Description

simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by suid · htmlremotecgi

https://www.exploit-db.com/exploits/20506

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in Leif M. Wright's simplestguest.cgi due to improper filtering of shell metacharacters in the guestbook parameter. An attacker can execute arbitrary commands with the privileges of the webserver by submitting a crafted HTML form.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Leif M. Wright's simplestguest.cgi

No auth needed

Prerequisites: Access to the target web application with the vulnerable CGI script

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2106

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-12/0168.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5743

Scores

EPSS 0.1257

EPSS Percentile 95.7%

Details

Status published

Products (1)

leif_m._wright/simplestguest.cgi 2.0

Published Feb 12, 2001

Tracked Since Feb 18, 2026