Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0039 — Command Injection in Irix

CWE-77 — Command Injection4 documents4 sources

Severity

7.3HIGHNVD

EPSS

20.7%

top 4.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SGI Irix

Timeline

PublishedMay 6

Latest updateMay 3

Description

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages1 packages

▶NVDsgi/irix7 versions+6

🔴Vulnerability Details

GHSA

GHSA-j78w-x657-xvr7: webdist CGI program (webdist↗2022-05-03

▶

CVEList

CVE-1999-0039: webdist CGI program (webdist↗1999-09-29

▶

💥Exploits & PoCs

Exploit-DB

SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Command Execution↗1997-05-06

▶