Serious security issue with search function
 


Started by roberb7, May 11, 2017, 01:20:14 AM


roberb7

This is for version 1.5.46.
My site is hosted by Veerotech.
This morning, I attempted to search for a picture. After I did so, all accesses to my entire site (not just the coppermine directory) resulted in 403 errors.
After checking the usual culprits (.htaccess, directory permissions), I contacted Veerotech's support. What I learned is my site was blocked by the Mod_Security rules. The only info they were able to give me was, "likely a poorly coded plugin/module allowing variables to be submitted in a similar fashion to XSS."
I wish they could have been more specific, but the problem they refer to would be in search.php or thumbnails.php. Probably the former.

Αndré

That's the first report regarding that issue. I doubt we can do anything without more details on how to replicate the issue.