CVE-2021-47752

HIGH

AWebServer GhostBuilding 18 - Denial of Service via High-Volume HTTP Requests

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47752. PoCs published by Andres Ramos.

AI-analyzed exploit summary This exploit performs a Denial of Service (DoS) attack against AWebServer GhostBuilding 18 by flooding the target URL and its '/mysqladmin' endpoint with HTTP GET requests using multiple threads. The script leverages the `requests` library to generate traffic and `pwntools` for logging.

Description

AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladmin to potentially crash or render the service unresponsive.

Exploits (1)

exploitdb WORKING POC
by Andres Ramos · pythonremoteandroid
https://www.exploit-db.com/exploits/50629

This exploit performs a Denial of Service (DoS) attack against AWebServer GhostBuilding 18 by flooding the target URL and its '/mysqladmin' endpoint with HTTP GET requests using multiple threads. The script leverages the `requests` library to generate traffic and `pwntools` for logging.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: AWebServer GhostBuilding 18
No auth needed
Prerequisites: Target URL · Python 3 · requests library · pwntools library
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0049
EPSS Percentile 38.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (2)
sylkat-tools/awebserver 18
Sylkat-Tools/AWebServer GhostBuilding AWebServer GhostBuilding 18
Published Jan 15, 2026
Tracked Since Feb 18, 2026