CVE-2002-0267

Name of the Vulnerable Software and Affected Versions Simple Internet Publishing System (SIPS) versions prior to 0.3.1

Description The issue allows remote attackers to gain administrative privileges by exploiting a vulnerability in the theme field of the preferences.php file. This is achieved by inserting a linebreak in the theme field followed by the Status::admin command, which results in the Status line being entered into the password file.

Recommendations For versions prior to 0.3.1, update to version 0.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the preferences.php file to prevent exploitation. Avoid using the theme field in the preferences.php file until the issue is resolved.