CVE-1999-0266
Description
The info2www CGI script is vulnerable to remote file access and command execution due to improper input parsing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The info2www CGI script is vulnerable to remote file access and command execution due to improper input parsing.
Vulnerability
The info2www CGI script, which provides HTTP access to GNU EMACS Info Nodes, fails to properly parse input. This vulnerability allows for remote command execution on the server with the privileges of the web server process. Affected versions are not explicitly stated but the exploit targets versions 1.0 and 1.1 [1].
Exploitation
An attacker can exploit this vulnerability by sending specially crafted input as part of a variable to the info2www script. This can be done remotely via an HTTP request, for example, by including commands within the URL that are intended to be executed by the script [1].
Impact
A successful exploitation allows an attacker to execute arbitrary commands on the server. The potential consequences include anything the web server process has permissions to do, such as web site defacement or reading sensitive files like /etc/passwd [1].
Mitigation
No specific patched version or release date is disclosed in the available references. Users are advised to disable or remove the info2www script if it is not essential. If the script must remain enabled, it should be secured to prevent unauthorized access and command injection [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- cpe:2.3:a:roar_smith:info2www:*:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.