CVE-2002-1559

ion_script - Directory Traversal via Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1559. PoCs published by Zero X.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in ION Script, allowing remote attackers to read arbitrary files via malicious HTTP requests. No actual exploit code is present, only examples of exploit URLs.

Description

Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Zero X · textwebappscgi
https://www.exploit-db.com/exploits/21979

The provided text describes a directory traversal vulnerability in ION Script, allowing remote attackers to read arbitrary files via malicious HTTP requests. No actual exploit code is present, only examples of exploit URLs.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: ION Script (version unspecified)
No auth needed
Prerequisites: Target running vulnerable ION Script · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10518.php
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-10/0448.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6091
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-10/0447.html

Scores

EPSS 0.0922
EPSS Percentile 94.7%

Details

Status published
Products (1)
research_systems_inc./ion_script 1.4
Published Mar 31, 2003
Tracked Since Feb 18, 2026