Serious security issue with search function
 


Started by roberb7, May 11, 2017, 01:20:14 AM


roberb7

This is for version 1.5.46.
My site is hosted by Veerotech.
This morning, I attempted to search for a picture. After I did so, all accesses to my entire site (not just the coppermine directory) resulted in 403 errors.
After checking the usual culprits (.htaccess, directory permissions), I contacted Veerotech's support. What I learned is that my site was blocked by the Mod_Security rules. The only info they were able to give me was, "likely a poorly coded plugin/module allowing variables to be submitted in a similar fashion to XSS."
I wish they could have been more specific, but the problem they refer to would be in search.php or thumbnails.php. Probably the former.

Αndré

That's the first report regarding that issue. I doubt we can do anything without more details on how to replicate the issue.