CVE-2001-0780

Cosmicperl Directory Pro 2.0 - Path Traversal via SHOW Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0780. PoCs published by Marshal.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Webdirectory Pro due to improper input validation of the 'show' parameter, allowing arbitrary file disclosure via NULL byte injection.

Description

Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Marshal · textremotecgi
https://www.exploit-db.com/exploits/20887

This exploit demonstrates a directory traversal vulnerability in Webdirectory Pro due to improper input validation of the 'show' parameter, allowing arbitrary file disclosure via NULL byte injection.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Webdirectory Pro (Cosmicperl)
No auth needed
Prerequisites: Vulnerable Webdirectory Pro installation · Access to the CGI script
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2793
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/187182

Scores

EPSS 0.0745
EPSS Percentile 93.7%

Details

CWE
CWE-22
Status published
Products (1)
cosmicperl/directory_pro 2.0
Published Oct 18, 2001
Tracked Since Feb 18, 2026