CVE-2002-1837

Image Display System 0.81 - Info Disclosure

Title source: llm

Description

The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.

Exploits (1)

exploitdb WORKING POC VERIFIED

by isox · perlwebappscgi

https://www.exploit-db.com/exploits/21487

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/bid/4870

[Third Party Advisory] http://www.iss.net/security_center/static/9201.php

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/274433

[Product] http://ids.sourceforge.net/ChangeLog.html

Scores

EPSS 0.0696

EPSS Percentile 91.5%

Details

Status published

Products (1)

ids/ids 0.8.1

Published Dec 31, 2002

Tracked Since Feb 18, 2026