SIPS is freely available, open-source software for websites wishing to run a weblog or link index. It is written in PHP and will run on most Unix and Linux variants. SIPS does not sanitize newlines from form elements in the user preferences. The user preferences form includes a section for user-selected themes. When a user selects a theme, this information is recorded in the user database. Any extraneous data contained on a new line is also written to the user database. It is possible for a malicious user to exploit this issue by manipulating form elements in a locally saved version of the user preferences form. For example, the malicious user may cause "Status::admin" to be written to the end of the user's database file.
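To make the defect concrete, here is an added PHP example (not SIPS code; SIPS's real on-disk format is unknown, so it assumes a hypothetical record of one "Key::Value" pair per line). It places the unsanitized write beside a hardened version that rejects line terminators and unknown themes, and adds a check an administrator could run over stored records to spot a key that occurs twice, which is what an injected "Status::" line looks like on disk.

```php
<?php
// Added example, not SIPS code. Assumes a hypothetical line-oriented user
// record of "Key::Value" lines; this is only a guess at SIPS's format.

// Vulnerable pattern: the submitted value is written verbatim, so a value
// containing "\n" ends the Theme line early and everything after the
// newline is stored as a record line of its own.
function save_theme_unsafe(string $record, string $theme): string {
    return $record . "Theme::" . $theme . "\n";
}

// Hardened pattern: refuse any value holding a line terminator or other
// control character, and only accept themes from a fixed allow-list.
function save_theme_safe(string $record, string $theme, array $allowed): string {
    if (preg_match('/[\x00-\x1F\x7F]/', $theme)) {
        throw new InvalidArgumentException('control character in theme value');
    }
    if (!in_array($theme, $allowed, true)) {
        throw new InvalidArgumentException('unknown theme');
    }
    return $record . "Theme::" . $theme . "\n";
}

// Defender-side check: parse a record and report keys that appear more
// than once. A legitimate record has one Status line, so a second one is
// a sign that a preference field carried an embedded newline.
function duplicate_keys(string $record): array {
    $seen = [];
    foreach (explode("\n", rtrim($record, "\n")) as $line) {
        [$key] = explode('::', $line, 2);
        $seen[$key] = ($seen[$key] ?? 0) + 1;
    }
    return array_keys(array_filter($seen, fn($n) => $n > 1));
}

// Constructed sample input: an existing record and the kind of value the
// advisory describes, a theme name followed by a newline and a second line.
$record   = "User::alice\nStatus::user\n";
$injected = "default\nStatus::admin";

$bad = save_theme_unsafe($record, $injected);
print_r(duplicate_keys($bad));          // the unsafe writer leaves two Status lines

try {
    save_theme_safe($record, $injected, ['default', 'dark']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Stripping only "\n" is not enough on its own: "\r" and other control characters should be rejected as well, which is why the hardened version matches the whole C0 range rather than a single character.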