Vulnerability Description
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sips | Sips | 0.2.4 |
References
- http://marc.info/?l=bugtraq&m=101363233905645&w=2
- http://sips.sourceforge.net/adminvul.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8193.php
- http://www.securityfocus.com/bid/4097
- http://marc.info/?l=bugtraq&m=101363233905645&w=2
- http://sips.sourceforge.net/adminvul.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8193.php
- http://www.securityfocus.com/bid/4097
FAQ
What is CVE-2002-0267?
CVE-2002-0267 is a vulnerability with a CVSS score of 10.0 (HIGH). preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin co...
How severe is CVE-2002-0267?
CVE-2002-0267 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0267?
Check the references section above for vendor advisories and patch information. Affected products include: Sips Sips.