CVE-2021-42342

CRITICAL

GoAhead 4.0.0-4.1.3 and 5.x < 5.1.5 - Unrestricted File Upload via CGI Environment Variable Tunneling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-42342. PoCs published by kimusan.

AI-analyzed exploit summary This PoC exploits CVE-2021-42342 in Goahead Webserver pre-5.1.5 by leveraging a flaw in the file upload filter that allows setting environment variables without the CGI_ prefix, leading to RCE via LD_PRELOAD. The exploit involves uploading a malicious shared object and triggering its execution.

Description

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.

Exploits (2)

nomisec WORKING POC 22 stars

by kimusan · poc

https://github.com/kimusan/goahead-webserver-pre-5.1.5-RCE-PoC-CVE-2021-42342-

View Code ZIP pw:eip

This PoC exploits CVE-2021-42342 in Goahead Webserver pre-5.1.5 by leveraging a flaw in the file upload filter that allows setting environment variables without the CGI_ prefix, leading to RCE via LD_PRELOAD. The exploit involves uploading a malicious shared object and triggering its execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Goahead Webserver < 5.1.5

No auth needed

Prerequisites: Target running vulnerable Goahead Webserver · Ability to upload files to the server

MITRE ATT&CK

T1559.001 - Component Object Model T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/mr-xn/cve-2021-42342

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-42342, targeting the Goahead webserver pre-5.1.5. The exploit leverages LD_PRELOAD to execute arbitrary code via a shared library, demonstrating both a simple 'Hello World' payload and a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Goahead webserver pre-5.1.5

No auth needed

Prerequisites: compiled shared library (poc.so) · access to the target's /cgi-bin/ endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://github.com/embedthis/goahead/issues/305

Scores

CVSS v3 9.8

EPSS 0.7760

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

embedthis/goahead 4.0.0 - 4.1.3

Published Oct 14, 2021

Tracked Since Feb 18, 2026