CVE-2005-1628

Web-app.org Webapp - Improper Input Validation

Title source: rule

Description

apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Nikyt0x · phpwebappscgi

https://www.exploit-db.com/exploits/1004

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Alpha_Programmer · perlwebappscgi

https://www.exploit-db.com/exploits/1005

View Code ZIP pw:eip

References (6)

[Various Sources] http://www.soulblack.com.ar/repo/tools/sbwebapp.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/449517/100/200/threaded

[Exploit] http://www.securityfocus.com/bid/13637

[URL Repurposed] http://www.defacers.com.mx/advisories/3.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/449573/100/200/threaded

[Vendor Advisory] http://www.vupen.com/english/advisories/2005/0554

Scores

EPSS 0.1737

EPSS Percentile 95.1%

Details

CWE

CWE-20

Status published

Products (3)

web-app.org/webapp 0.9.9

web-app.org/webapp 0.9.9.2

web-app.org/webapp 0.9.9.2.1

Published May 17, 2005

Tracked Since Feb 18, 2026