CVE-2002-2219

chetcpasswd <2.1 - Info Disclosure

Title source: llm

Description

chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Victor Pereira · perlwebappscgi

https://www.exploit-db.com/exploits/22111

View Code ZIP pw:eip

References (5)

[Patch, Vendor Advisory] http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/10946

[Exploit, Vendor Advisory] http://www.securiteam.com/unixfocus/6C00N0K6AO.html

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1005847

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/6472

Scores

EPSS 0.0881

EPSS Percentile 92.5%

Details

Status published

Products (1)

chetcpasswd/chetcpasswd 2.1

Published Dec 31, 2002

Tracked Since Feb 18, 2026