Описание
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sips:sips:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:sips:sips:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:sips:sips:0.3.0pl1:*:*:*:*:*:*:*
cpe:2.3:a:sips:sips:0.3.0pl2:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02198
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.
EPSS
Процентиль: 84%
0.02198
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other