CVE-2001-0114

OmniHTTPd 2.07 - Arbitrary File Write via statsconfig.pl cgidir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0114. PoCs published by Joe Testa.

AI-analyzed exploit summary This exploit targets CVE-2001-0114 in OmniHTTPD's statsconfig.pl CGI script, allowing arbitrary command execution or file corruption via malformed form variables. It leverages improper input validation to inject Perl commands or truncate files.

Description

statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Joe Testa · perlremotewindows

https://www.exploit-db.com/exploits/20557

View Code ZIP pw:eip

This exploit targets CVE-2001-0114 in OmniHTTPD's statsconfig.pl CGI script, allowing arbitrary command execution or file corruption via malformed form variables. It leverages improper input validation to inject Perl commands or truncate files.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OmniHTTPD v2.07 (and possibly older versions)

No auth needed

Prerequisites: Target must have OmniHTTPD with statsconfig.pl installed · Network access to the web server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2211

Scores

EPSS 0.0202

EPSS Percentile 78.4%

Details

Status published

Products (1)

omnicron/omnihttpd 2.0.7

Published Mar 12, 2001

Tracked Since Feb 18, 2026