security issue in 1.4.9? security issue in 1.4.9?
 

News:

CPG Release 1.6.28
added submissions from {406man}
cleaned up a few PHP (8.4) deprecations
fixed PHP deprecation in calendar
removed security vulnerability
(please upgrade when possible)

Main Menu

security issue in 1.4.9?

Started by François Keller, October 28, 2006, 08:18:00 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

François Keller

October 28, 2006, 08:18:00 AM
Hi,

This link was post on french board:
http://www.milw0rm.com/exploits/2660
Is this a real security problem on Coppermine 1.4.9 ?
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Aditya Mooley

#1
October 28, 2006, 09:59:48 AM
Yes, it is an exploit.

Till the time we release a new security update, users can manually fix this as follows:

Open picmgr.php
Somewhere near line 353
find:
Code Select

$aid = isset($_GET['aid']) ? ($_GET['aid']) : 0;


replace with
Code Select

$aid = isset($_GET['aid']) ? (int)($_GET['aid']) : 0;
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

François Keller

#2
October 28, 2006, 10:13:25 AM
Ok thank's for replay, i'll post your fix in the french board
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Joachim Müller

#3
October 30, 2006, 01:06:49 AM
cpg1.4.10 has been released to address the issue - see announcement thread.
Print
Go Up Pages1
User actions