CVE-2002-0267

UNKNOWN

preferences

Published Apr 2, 2003

Modified 1 years ago

No fix available

Details

preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.

References

WEBhttp://marc.info/?l=bugtraq&m=101363233905645&w=2 WEBhttp://sips.sourceforge.net/adminvul.html WEBhttp://www.iss.net/security_center/static/8193.php WEBhttp://www.securityfocus.com/bid/4097 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2002-0267

CVSS Analysis

CVSS v2.0

10.0

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

CompleteC:C

Integrity

CompleteI:C

Availability

CompleteA:C

10/AV:N/AC:L/Au:N/C:C/I:C/A:C

Ecosystems

Timeline

PublishedApr 2, 2003

ModifiedAug 8, 2024