CVE-2003-1409

ej3 topo 1.43 - Exposure of Sensitive Information via Invalid Parameter in in.php or out.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1409. PoCs published by Rynho Zeros Web.

AI-analyzed exploit summary The provided text describes an information disclosure vulnerability in TOPo software where error messages reveal web directory structure. It includes example URLs to trigger the issue but lacks executable exploit code.

Description

TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Rynho Zeros Web · textwebappsphp

https://www.exploit-db.com/exploits/22222

View Code ZIP pw:eip

The provided text describes an information disclosure vulnerability in TOPo software where error messages reveal web directory structure. It includes example URLs to trigger the issue but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: TOPo (version unspecified)

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/11248

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/8008

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6768

Patch mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2003-02/0049.html

Scores

EPSS 0.0250

EPSS Percentile 82.7%

Details

CWE

CWE-200

Status published

Products (1)

ej3/topo 1.43

Published Dec 31, 2003

Tracked Since Feb 18, 2026