CVE-2002-1837

Image Display System 0.81 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1837. PoCs published by isox.

AI-analyzed exploit summary This exploit targets a directory traversal vulnerability in Image Display System (IDS) 0.8x, allowing an attacker to confirm the existence of directories on the server by sending a crafted HTTP request with '../' sequences. The script checks the server's response to determine if the specified directory exists.

Description

The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.

Exploits (1)

exploitdb WORKING POC VERIFIED
by isox · perlwebappscgi
https://www.exploit-db.com/exploits/21487

This exploit targets a directory traversal vulnerability in Image Display System (IDS) 0.8x, allowing an attacker to confirm the existence of directories on the server by sending a crafted HTTP request with '../' sequences. The script checks the server's response to determine if the specified directory exists.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Image Display System (IDS) 0.8x
No auth needed
Prerequisites: Network access to the target IDS application · IDS 0.8x running on the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4870
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9201.php
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/274433
Product x_refsource_confirm
http://ids.sourceforge.net/ChangeLog.html

Scores

EPSS 0.0294
EPSS Percentile 85.4%

Details

Status published
Products (1)
ids/ids 0.8.1
Published Dec 31, 2002
Tracked Since Feb 18, 2026