CVE-2001-0985

Hassan Consulting Shopping Cart 1.23 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0985. PoCs published by Alexey Sintsov.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in Hassan Consulting's Shopping Cart software. It allows arbitrary command execution by injecting shell metacharacters (e.g., ';', '|') into the 'page' parameter of the 'shop.pl' CGI script.

Description

shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Alexey Sintsov · perlremotecgi
https://www.exploit-db.com/exploits/21104

This exploit targets a command injection vulnerability in Hassan Consulting's Shopping Cart software. It allows arbitrary command execution by injecting shell metacharacters (e.g., ';', '|') into the 'page' parameter of the 'shop.pl' CGI script.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Hassan Consulting's Shopping Cart Version 1.18
No auth needed
Prerequisites: Network access to the target web server · Presence of vulnerable 'shop.pl' CGI script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3308
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/212827
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7106
Patch x_refsource_misc
http://www.irata.com/shopver.html

Scores

EPSS 0.0387
EPSS Percentile 88.8%

Details

Status published
Products (1)
hassan_consulting/shopping_cart 1.23
Published Sep 08, 2001
Tracked Since Feb 18, 2026