CVE-2001-0780

Name of the Vulnerable Software and Affected Versions Cosmicperl Directory Pro version 2.0

Description The issue allows remote attackers to gain sensitive information. This is achieved by exploiting a directory traversal vulnerability in the cosmicpro.cgi component. Specifically, the vulnerability can be triggered by including a .. (dot dot) in the SHOW parameter of a request.

Recommendations For Cosmicperl Directory Pro version 2.0, consider restricting access to the cosmicpro.cgi component until a patch is available. As a temporary workaround, avoid using the SHOW parameter in requests to the cosmicpro.cgi component.