CVE-2001-0024

simplestmail.cgi - Remote Command Execution via MyEmail Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0024. PoCs published by rpc.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in Leif M. Wright's simplestmail.cgi due to improper filtering of shell metacharacters in the open() function. The provided HTML form allows an attacker to execute arbitrary shell commands with the privileges of the webserver.

Description

simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rpc · htmlremotecgi

https://www.exploit-db.com/exploits/20503

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in Leif M. Wright's simplestmail.cgi due to improper filtering of shell metacharacters in the open() function. The provided HTML form allows an attacker to execute arbitrary shell commands with the privileges of the webserver.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Leif M. Wright's simplestmail.cgi

No auth needed

Prerequisites: Access to the vulnerable CGI script

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2102

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5739

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-12/0136.html

Scores

EPSS 0.0544

EPSS Percentile 91.7%

Details

Status published

Products (1)

leif_m._wright/simplestmail.cgi 1.0

Published Feb 12, 2001

Tracked Since Feb 18, 2026