CVE-2004-1782
Athena Web Registration - Remote Command Execution via Pass Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-1782. PoCs published by Peter Kieser.
AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in Athena Web Registration scripts by appending a semicolon and arbitrary command to the 'pass' parameter. The example shows executing 'whoami' via URL-encoded input.
Description
athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Peter Kieser · textwebappsphp
https://www.exploit-db.com/exploits/23513
This exploit demonstrates a command injection vulnerability in Athena Web Registration scripts by appending a semicolon and arbitrary command to the 'pass' parameter. The example shows executing 'whoami' via URL-encoded input.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
Athena Web Registration scripts (version unspecified)
No auth needed
Prerequisites:
Vulnerable Athena Web Registration script accessible via HTTP
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9349
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/16861
Scores
EPSS
0.2568
EPSS Percentile
97.7%
Details
Status
published
Products (1)
david_maciejak/athena_web_registration
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026