CVE-2002-0267 Information

Description

preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the \theme\ field followed by the Status::admin command which causes the Status line to be entered into the password file.

Reference

http://marc.info/?l=bugtraq&m=101363233905645&w=2 http://sips.sourceforge.net/adminvul.html http://www.iss.net/security_center/static/8193.php http://www.securityfocus.com/bid/4097