CVE-2001-0400

nph-maillist.pl - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0400. PoCs published by Kanedaaa.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in nph-maillist, a Perl CGI script for mailing lists. It bypasses input filtering by encoding and substituting restricted characters, then injects commands via the email address field.

Description

nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kanedaaa · perlremotecgi

https://www.exploit-db.com/exploits/20744

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in nph-maillist, a Perl CGI script for mailing lists. It bypasses input filtering by encoding and substituting restricted characters, then injects commands via the email address field.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: nph-maillist (version not specified)

No auth needed

Prerequisites: Access to the subscription form of the vulnerable CGI script · Network connectivity to the target server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/175506

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2563

Scores

EPSS 0.1660

EPSS Percentile 96.6%

Details

Status published

Products (2)

matt_tourtillott/nph-maillist 3.0

matt_tourtillott/nph-maillist 3.5

Published Jul 02, 2001

Tracked Since Feb 18, 2026