CVE-2002-2420

Super Site Searcher - Remote Command Execution via Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-2420. PoCs published by luca.ercoli, krdsploit.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in Super Site Searcher and Simple Site Searcher. The vulnerability arises from inadequate filtering of shell metacharacters in the 'page' parameter, allowing arbitrary command execution with the privileges of the webserver process.

Description

site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by luca.ercoli · textwebappscgi
https://www.exploit-db.com/exploits/21768

This exploit demonstrates a command injection vulnerability in Super Site Searcher and Simple Site Searcher. The vulnerability arises from inadequate filtering of shell metacharacters in the 'page' parameter, allowing arbitrary command execution with the privileges of the webserver process.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Super Site Searcher, Simple Site Searcher
No auth needed
Prerequisites: Access to the vulnerable CGI script
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by krdsploit · poc
https://github.com/krdsploit/CVE-2002-2420

This repository contains a Metasploit module for CVE-2002-2420, which exploits a command injection vulnerability in Super Site Searcher's site_searcher.cgi via shell metacharacters in the 'page' parameter. The exploit allows remote command execution on the target system.

Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Super Site Searcher (site_searcher.cgi)
No auth needed
Prerequisites: Target URL with vulnerable site_searcher.cgi · Network access to the target
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1005190
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5605

Scores

EPSS 0.0609
EPSS Percentile 92.5%

Details

CWE
CWE-20
Status published
Products (2)
independent_solution/simple_site_searcher
independent_solution/super_site_searcher
Published Dec 31, 2002
Tracked Since Feb 18, 2026