CVE-2002-2218

Name of the Vulnerable Software and Affected Versions: Haakon Nilsen simple, integrated publishing system (SIPS) versions prior to 20020209

Description: The issue is related to a CRLF injection vulnerability in the setUserValue function. This vulnerability could potentially allow gaining privileges or modifying critical configuration by injecting a CRLF sequence in a key value.

Recommendations: For versions prior to 20020209, as a temporary workaround, consider disabling the setUserValue function until a patch is available. Restrict access to the site.inc.php file to minimize the risk of exploitation. Avoid using the vulnerable function in the sipssys/code directory until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.