CVE-2001-1010

Sambar Server - Unauthenticated Arbitrary File Write via Pagecount CGI Script

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1010. PoCs published by kyprizel.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Sambar Server's 'pagecount' script, allowing remote attackers to overwrite arbitrary files on the system. The PoC shows how crafted HTTP requests can corrupt critical files like 'autoexec.bat'.

Description

Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by kyprizel · textremotemultiple
https://www.exploit-db.com/exploits/21026

This exploit demonstrates a directory traversal vulnerability in Sambar Server's 'pagecount' script, allowing remote attackers to overwrite arbitrary files on the system. The PoC shows how crafted HTTP requests can corrupt critical files like 'autoexec.bat'.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Sambar Server (version not specified)
No auth needed
Prerequisites: Sambar Server with the 'pagecount' script enabled
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://www.sambar.com/security.htm
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3092
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6916
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-07/0565.html

Scores

EPSS 0.0702
EPSS Percentile 93.5%

Details

Status published
Products (2)
sambar/sambar_server 4.4
sambar/sambar_server 5.0 beta1 (4 CPE variants)
Published Jul 22, 2001
Tracked Since Feb 18, 2026