CVE-2004-1782

Athena Web Registration - Remote Command Execution via Pass Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1782. PoCs published by Peter Kieser.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in Athena Web Registration scripts by appending a semicolon and arbitrary command to the 'pass' parameter. The example shows executing 'whoami' via URL-encoded input.

Description

athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Peter Kieser · textwebappsphp
https://www.exploit-db.com/exploits/23513

This exploit demonstrates a command injection vulnerability in Athena Web Registration scripts by appending a semicolon and arbitrary command to the 'pass' parameter. The example shows executing 'whoami' via URL-encoded input.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Athena Web Registration scripts (version unspecified)
No auth needed
Prerequisites: Vulnerable Athena Web Registration script accessible via HTTP
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9349
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/16861

Scores

EPSS 0.2568
EPSS Percentile 97.7%

Details

Status published
Products (1)
david_maciejak/athena_web_registration
Published Dec 31, 2004
Tracked Since Feb 18, 2026