small security problem in anycontent.php small security problem in anycontent.php
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

small security problem in anycontent.php

Started by Andi, December 12, 2004, 07:18:45 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Andi

December 12, 2004, 07:18:45 PM Last Edit: December 14, 2004, 07:48:56 AM by GauGau
Hi :)

if you open the file anycontent.php directly, the following message appears:

QuoteFatal error: Call to undefined function starttable() in xxx\anycontent.php on line 32

Version:
anycontent.php,v 1.10 2004/09/25 19:09:40 caspershadow
hope, I could help you... :)

Casper

#1
December 12, 2004, 08:15:33 PM
Yes, but anycontent.php is not designed to be called directly.  It works fine when used as designed.

How is this a security problem?


It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Andi

#2
December 12, 2004, 08:19:15 PM
QuoteHow is this a security problem?

Hi :)

so called "full path disclosure"
hope, I could help you... :)

kegobeer

#3
December 12, 2004, 08:40:22 PM Last Edit: December 12, 2004, 08:49:13 PM by kegobeer
Fixed easily enough with
Code Select
if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

#4
December 14, 2004, 07:48:41 AM
committed to devel branch.

Joachim
Print
Go Up Pages1
User actions