CVE-2002-0918

CGIScript.net csPassword.cgi - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0918.

AI-analyzed exploit summary The vulnerability in CGIScript.net's csPassword.cgi script discloses sensitive debugging information when an undefined function (remove) is called, leading to an error page with excessive details. This is an information leakage issue rather than a direct exploit.

Description

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error.

Exploits (1)

exploitdb WRITEUP

webappscgi

https://www.exploit-db.com/exploits/21494

View Code ZIP pw:eip

The vulnerability in CGIScript.net's csPassword.cgi script discloses sensitive debugging information when an undefined function (remove) is called, leading to an error page with excessive details. This is an information leakage issue rather than a direct exploit.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: CGIScript.net csPassword.cgi (version not specified)

No auth needed

Prerequisites: Access to the target CGI script URL

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4887

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9221.php

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://online.securityfocus.com/archive/1/274727

Scores

EPSS 0.0350

EPSS Percentile 87.7%

Details

Status published

Products (1)

cgiscript.net/cspassword 1.0

Published Oct 04, 2002

Tracked Since Feb 18, 2026