CVE-2002-0612

FileSeek.cgi - Remote Command Execution via Head or Foot Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0612. PoCs published by Thijs Bosschert.

AI-analyzed exploit summary The exploit demonstrates command injection in FileSeek.cgi and FileSeek2.cgi due to improper filtering of shell metacharacters. Attackers can execute arbitrary commands with webserver privileges via crafted HTTP requests.

Description

FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) head or (2) foot parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Thijs Bosschert · textwebappscgi
https://www.exploit-db.com/exploits/22227

The exploit demonstrates command injection in FileSeek.cgi and FileSeek2.cgi due to improper filtering of shell metacharacters. Attackers can execute arbitrary commands with webserver privileges via crafted HTTP requests.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: FileSeek.cgi and FileSeek2.cgi from The CGI/Perl Cookbook
No auth needed
Prerequisites: Vulnerable FileSeek.cgi or FileSeek2.cgi script accessible on a web server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8857.php
Exploit, Patch, Vendor Advisory mailing-list x_refsource_vuln-dev
http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html

Scores

EPSS 0.0337
EPSS Percentile 87.3%

Details

Status published
Products (1)
craig_patchett/fileseek
Published Jun 18, 2002
Tracked Since Feb 18, 2026