security issue in 1.4.9? security issue in 1.4.9?
 

News:

CPG Release 1.6.27
change DB IP storage fields to accommodate IPv6 addresses
remove use of E_STRICT (PHP 8.4 deprecated)
update README to reflect new website
align code with new .com CPG website
correct deprecation in captcha

Main Menu

security issue in 1.4.9?

Started by François Keller, October 28, 2006, 08:18:00 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

François Keller

October 28, 2006, 08:18:00 AM
Hi,

This link was post on french board:
http://www.milw0rm.com/exploits/2660
Is this a real security problem on Coppermine 1.4.9 ?
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Aditya Mooley

#1
October 28, 2006, 09:59:48 AM
Yes, it is an exploit.

Till the time we release a new security update, users can manually fix this as follows:

Open picmgr.php
Somewhere near line 353
find:
Code Select

$aid = isset($_GET['aid']) ? ($_GET['aid']) : 0;


replace with
Code Select

$aid = isset($_GET['aid']) ? (int)($_GET['aid']) : 0;
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

François Keller

#2
October 28, 2006, 10:13:25 AM
Ok thank's for replay, i'll post your fix in the french board
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Joachim Müller

#3
October 30, 2006, 01:06:49 AM
cpg1.4.10 has been released to address the issue - see announcement thread.
Print
Go Up Pages1
User actions