CVE-2002-0611

FileSeek.cgi - Directory Traversal via Head or Foot Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0611. PoCs published by Thijs Bosschert.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in FileSeek.cgi and FileSeek2.cgi, allowing remote attackers to read arbitrary files outside the webroot by manipulating the 'head' and 'foot' parameters with '../' sequences.

Description

Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Thijs Bosschert · textwebappscgi
https://www.exploit-db.com/exploits/22228

This exploit demonstrates a directory traversal vulnerability in FileSeek.cgi and FileSeek2.cgi, allowing remote attackers to read arbitrary files outside the webroot by manipulating the 'head' and 'foot' parameters with '../' sequences.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: FileSeek.cgi and FileSeek2.cgi from 'The CGI/Perl Cookbook'
No auth needed
Prerequisites: Vulnerable FileSeek.cgi or FileSeek2.cgi script accessible on the target server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8858.php
Exploit, Patch, Vendor Advisory mailing-list x_refsource_vuln-dev
http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html

Scores

EPSS 0.0828
EPSS Percentile 94.2%

Details

Status published
Products (1)
craig_patchett/fileseek
Published Jun 18, 2002
Tracked Since Feb 18, 2026