CVE-2001-1130

SUSE Linux 6.0-7.2 - Remote Command Execution via Sdbsearch.cgi Keylist.txt Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1130. PoCs published by Maurycy Prodeus.

AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in sdbsearch.cgi by manipulating the Referer header to point to a malicious keylist.txt file. The file contains a command injection payload that executes arbitrary commands when processed by the script.

Description

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Maurycy Prodeus · textremotelinux
https://www.exploit-db.com/exploits/21075

This exploit leverages a path traversal vulnerability in sdbsearch.cgi by manipulating the Referer header to point to a malicious keylist.txt file. The file contains a command injection payload that executes arbitrary commands when processed by the script.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SuSE Support Data Base (sdb) sdbsearch.cgi
No auth needed
Prerequisites: Ability to create a file on the target system · Network access to the vulnerable CGI script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7003
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/201216
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2001_027_sdb_txt.html

Scores

EPSS 0.1082
EPSS Percentile 95.3%

Details

Status published
Products (6)
suse/suse_linux 6.0
suse/suse_linux 6.3
suse/suse_linux 6.4
suse/suse_linux 7.0
suse/suse_linux 7.1
suse/suse_linux 7.2
Published Aug 02, 2001
Tracked Since Feb 18, 2026