CVE-2002-1801

Description

ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensitive information via a nonexistent image category, which leaks the web root in the resulting error message.

Affected products

• bizdesign / imagefolio2.23 – 2.23
• bizdesign / imagefolio2.24 – 2.24
• bizdesign / imagefolio2.26 – 2.26
• bizdesign / imagefolio2.27 – 2.27

References

• MISChttp://online.securityfocus.com/archive/1/276133
• MISChttp://www.securityfocus.com/bid/4976
• MISChttp://www.iss.net/security_center/static/9308.php