CVE-2005-1628

WebAPP 0.9.9.2.1 - Remote Command Execution via apage.cgi f Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1628. PoCs published by Nikyt0x, Alpha_Programmer.

AI-analyzed exploit summary: This exploit targets a command injection vulnerability in WebAPP v0.9.9.2.1 via the apage.cgi script. It sends a crafted HTTP GET request with a command embedded in the 'f' parameter, which is then executed on the server.

Description

apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Nikyt0x · php · webapps · cgi
https://www.exploit-db.com/exploits/1004

This exploit targets a command injection vulnerability in WebAPP v0.9.9.2.1 via the apage.cgi script. It sends a crafted HTTP GET request with a command embedded in the 'f' parameter, which is then executed on the server.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WebAPP v0.9.9.2.1
No auth needed
Prerequisites: Network access to the target server · apage.cgi script accessible on the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Alpha_Programmer · perl · webapps · cgi
https://www.exploit-db.com/exploits/1005

This Perl script exploits a command injection vulnerability in WebAPP's apage.cgi by injecting commands via the 'f' parameter. It downloads and executes a backdoor script from a remote server, then attempts to establish a reverse shell on port 4444.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WebAPP apage.cgi (version not specified)
No auth needed
Prerequisites: Target must have vulnerable WebAPP apage.cgi exposed · Target must allow outbound connections to download the backdoor script · Attacker must be able to reach the target on port 80
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Various Sources x_refsource_misc
http://www.soulblack.com.ar/repo/tools/sbwebapp.txt
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449517/100/200/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13637
URL Repurposed x_refsource_misc
http://www.defacers.com.mx/advisories/3.txt
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449573/100/200/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0554

Scores

EPSS 0.1064
EPSS Percentile 95.2%

Details

CWE CWE-20
Status published
Products (3)
web-app.org/webapp 0.9.9
web-app.org/webapp 0.9.9.2
web-app.org/webapp 0.9.9.2.1
Published May 17, 2005
Tracked Since Feb 18, 2026