CVE-2001-0023

everythingform.cgi - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0023. PoCs published by rpc.

AI-analyzed exploit summary This exploit leverages an input validation vulnerability in Leif M. Wright's everything.cgi Perl script. The 'config' field fails to filter shell commands, allowing arbitrary command execution with web server privileges via a crafted POST request.

Description

everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rpc · htmlremotecgi

https://www.exploit-db.com/exploits/20497

View Code ZIP pw:eip

This exploit leverages an input validation vulnerability in Leif M. Wright's everything.cgi Perl script. The 'config' field fails to filter shell commands, allowing arbitrary command execution with web server privileges via a crafted POST request.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: everything.cgi (Perl-based form design tool)

No auth needed

Prerequisites: Access to the vulnerable everything.cgi endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-12/0137.html

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2101

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5736

Scores

EPSS 0.1439

EPSS Percentile 96.2%

Details

Status published

Products (1)

leif_m._wright/everythingform.cgi 2.0

Published Feb 12, 2001

Tracked Since Feb 18, 2026