CVE-2003-0243

Happycgi.com Happymall 4.3 and 4.4 - Remote Command Execution via File Parameter in normal_html.cgi or member_html.cgi

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0243. PoCs published by Revin Aldi.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in HappyMall E-Commerce software via the `member_html.cgi` and `normal_html.cgi` scripts. It allows arbitrary command execution by injecting commands through the `file` parameter.

Description

Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Revin Aldi · perlwebappscgi

https://www.exploit-db.com/exploits/22572

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in HappyMall E-Commerce software via the `member_html.cgi` and `normal_html.cgi` scripts. It allows arbitrary command execution by injecting commands through the `file` parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HappyCGI HappyMall 4.3, 4.4

No auth needed

Prerequisites: Network access to the target web server · Vulnerable HappyMall installation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Revin Aldi · perlwebappscgi

https://www.exploit-db.com/exploits/22571

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in HappyMall E-Commerce software via the normal_html.cgi script. It allows arbitrary command execution by manipulating the 'file' parameter, providing a shell-like interface to interact with the vulnerable system.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HappyCGI HappyMall 4.3, HappyCGI HappyMall 4.4

No auth needed

Prerequisites: Network access to the vulnerable HappyMall instance · The normal_html.cgi script must be accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0058.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1006707

Scores

EPSS 0.0346

EPSS Percentile 87.5%

Details

Status published

Products (2)

happycgi/happymall 4.3

happycgi/happymall 4.4

Published May 27, 2003

Tracked Since Feb 18, 2026