CVE-2001-1138

Randy Parker Power Up HTML 0.8033beta - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1138. PoCs published by Steve Shepherd.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in Power Up HTML's CGI script (r.cgi) that allows arbitrary file access via ../ sequences. No actual exploit code is provided, only a URL example demonstrating the vulnerability.

Description

Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Steve Shepherd · textremotecgi
https://www.exploit-db.com/exploits/21102

The exploit describes a directory traversal vulnerability in Power Up HTML's CGI script (r.cgi) that allows arbitrary file access via ../ sequences. No actual exploit code is provided, only a URL example demonstrating the vulnerability.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Power Up HTML (version unspecified)
No auth needed
Prerequisites: Web server with Power Up HTML installed · Access to the CGI script (r.cgi)
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/212679
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7092
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3304

Scores

EPSS 0.1026
EPSS Percentile 95.1%

Details

Status published
Products (1)
randy_parker/power_up_html 0.8033_beta
Published Sep 07, 2001
Tracked Since Feb 18, 2026