CVE-2002-0436

Sun Sunsolve CD sscd_suncourier.pl - CGI Command Execution

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0436. PoCs published by Fyodor.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in the Sunsolve CD CGI script (sscd_suncourier.pl) by submitting a malicious email address containing pipe characters to execute arbitrary commands. The PoC sends an HTTP POST request with the payload to trigger remote code execution.

Description

sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Fyodor · perlremotecgi
https://www.exploit-db.com/exploits/21340

This Perl script exploits a command injection vulnerability in the Sunsolve CD CGI script (sscd_suncourier.pl) by submitting a malicious email address containing pipe characters to execute arbitrary commands. The PoC sends an HTTP POST request with the payload to trigger remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Sunsolve CD CGI script (sscd_suncourier.pl)
No auth needed
Prerequisites: Network access to the vulnerable Sunsolve CD CGI script · Perl with LWP::UserAgent and HTTP::Request::Common modules
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/261544
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4269
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8435.php

Scores

EPSS 0.1187
EPSS Percentile 95.6%

Details

Status published
Products (4)
sun/solaris 7.0
sun/solaris 8.0
sun/sunos 5.7
sun/sunos 5.8
Published Jul 26, 2002
Tracked Since Feb 18, 2026