CVE-2001-1209
zml.cgi - Unauthenticated Directory Traversal via File Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2001-1209. PoCs published by blackshell.
AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in zml.cgi, a Perl script for Apache, allowing arbitrary file access via null byte injection to bypass the .zml extension enforcement. The vulnerability is reported to exist in a modified version of ZML, not the official release.
Description
Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Exploits (1)
The exploit describes a directory traversal vulnerability in zml.cgi, a Perl script for Apache, allowing arbitrary file access via null byte injection to bypass the .zml extension enforcement. The vulnerability is reported to exist in a modified version of ZML, not the official release.