The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote malicious users to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ids ids 0.8.1 |