CVE-2002-0919

CGIScript.net csPassword.cgi - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-0919. PoCs published by Steve Gustin.

AI-analyzed exploit summary The exploit describes an information leakage vulnerability in CGIScript.net's csPassword.cgi script. By sending a malformed request, the script reveals debugging information due to an undefined function error.

Description

CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Steve Gustin · textwebappscgi
https://www.exploit-db.com/exploits/21494

The exploit describes an information leakage vulnerability in CGIScript.net's csPassword.cgi script. By sending a malformed request, the script reveals debugging information due to an undefined function error.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: CGIScript.net csPassword.cgi
No auth needed
Prerequisites: Access to the target web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Steve Gustin · textwebappscgi
https://www.exploit-db.com/exploits/21495

The exploit describes a vulnerability in CGIScript.net's csPassword.cgi script where authenticated users can manipulate the .htaccess file by injecting JavaScript to convert a text field into a textbox, allowing newline and special character insertion.

Classification
Writeup 80%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: CGIScript.net csPassword.cgi
Auth required
Prerequisites: Authenticated access to the vulnerable CGI script
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9222.php
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4888
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/274727

Scores

EPSS 0.0310
EPSS Percentile 86.1%

Details

Status published
Products (1)
cgiscript.net/cspassword 1.0
Published Oct 04, 2002
Tracked Since Feb 18, 2026