CVE-2005-2812

man2web - Remote Code Execution via -P Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2812. PoCs published by tracewar.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in man2web CGI scripts by crafting malicious HTTP GET requests with encoded spaces. It supports multiple targets (man-cgi, man2web, man2html) and executes arbitrary commands via the '-P' parameter.

Description

man2web allows remote attackers to execute arbitrary commands via -P arguments.

Exploits (1)

exploitdb WORKING POC VERIFIED

by tracewar · cwebappscgi

https://www.exploit-db.com/exploits/1194

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in man2web CGI scripts by crafting malicious HTTP GET requests with encoded spaces. It supports multiple targets (man-cgi, man2web, man2html) and executes arbitrary commands via the '-P' parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: man2web CGI scripts (man-cgi, man2web, man2html)

No auth needed

Prerequisites: Network access to vulnerable CGI script · Target CGI script must be accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/14747

Scores

EPSS 0.0749

EPSS Percentile 93.7%

Details

Status published

Products (2)

man2web/man2web 0.87

man2web/man2web 0.88

Published Sep 07, 2005

Tracked Since Feb 18, 2026