Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Image Display System Directory Existence Disclosure Vulnerability
Vulnerability Description
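IDS (Image Display System) is a web-based photo album application written in Perl and maintained by Ashley M. Kirchner. IDS does not properly handle user-submitted requests, which can allow a remote attacker to obtain path information about the host. An attacker can submit a request whose directory and album names contain '../' characters, causing IDS to return an error message that reveals whether the directory exists; the attacker can use this information to further attack the system. The problem exists in the following handling code: idsShared.pm::getAlbumToDisplay() ====================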
CVSS Information
N/A
Vulnerability Type
N/A