small security problem in anycontent.php small security problem in anycontent.php
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

small security problem in anycontent.php

Started by Andi, December 12, 2004, 07:18:45 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Andi

Hi :)

if you open the file anycontent.php directly, the following message appears:

QuoteFatal error: Call to undefined function starttable() in xxx\anycontent.php on line 32

Version:
anycontent.php,v 1.10 2004/09/25 19:09:40 caspershadow
hope, I could help you... :)

Casper

Yes, but anycontent.php is not designed to be called directly.  It works fine when used as designed.

How is this a security problem?


It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Andi

QuoteHow is this a security problem?

Hi :)

so called "full path disclosure"
hope, I could help you... :)

kegobeer

#3
Fixed easily enough with
if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller