Question regarding upgrade on customized cpq

Started by net, February 25, 2009, 09:30:46 PM


net

Hi,

I've manually customized a lot of stuff on my CPG and I don't wish to go through all that again, is there any way to get the actual code that is necessary to avoid the SQL injection exploit without doing the full update?

I know this is not recommended, but I don't have time to fix all my galleries right now, a fast fix is needed.

I also noted on the exploit that "register_globals=on" is required for this exploit to actually work in the first place, I run my own webserver and that setting is off, am I in no trouble at all?

Thanks for the help.

Nibbler

If register_globals is disabled then you are already safe.

If you extensively modify Coppermine (or any other script) it's a good idea to learn how to use a diff viewer so you can update your gallery. Even if a quick fix is posted for security issues you could still get bitten by bugs that have already been fixed.

net

I already know how to use the diff viewer, just takes time going through every single file.

Thanks for the information Nibbler, thread solved.