Vulnerability Details CVE-2002-1837
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.07
EPSS Ranking 91.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://ids.sourceforge.net/ChangeLog.html
- http://online.securityfocus.com/archive/1/274433
- http://www.iss.net/security_center/static/9201.php
- http://www.securityfocus.com/bid/4870
- http://ids.sourceforge.net/ChangeLog.html
- http://online.securityfocus.com/archive/1/274433
- http://www.iss.net/security_center/static/9201.php
- http://www.securityfocus.com/bid/4870