CVE-2005-2420
FtpLocate 2.02 - Remote Command Execution via flsearch.pl Shell Metacharacters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-2420. PoCs published by newbug.
AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in FtpLocate <= 2.02 via the 'fsite' parameter in the flsearch.pl CGI script. It allows remote command execution or file upload by injecting commands through HTTP GET requests.
Description
flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by newbug · perlwebappscgi
https://www.exploit-db.com/exploits/1120
This Perl script exploits a command injection vulnerability in FtpLocate <= 2.02 via the 'fsite' parameter in the flsearch.pl CGI script. It allows remote command execution or file upload by injecting commands through HTTP GET requests.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
FtpLocate <= 2.02
No auth needed
Prerequisites:
Network access to the target CGI script · Target running FtpLocate <= 2.02 with vulnerable flsearch.pl
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112230697123357&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21540
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014570
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14367
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16218
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/18305
Scores
EPSS
0.0558
EPSS Percentile
91.9%
Details
Status
published
Published
Aug 03, 2005
Tracked Since
Feb 18, 2026