Hacking attempts using exploited coppermine for CMS script Hacking attempts using exploited coppermine for CMS script
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Hacking attempts using exploited coppermine for CMS script

Started by Apoc, August 20, 2004, 04:08:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Apoc

Hello,

I work for a quite large webhosting company, and I just did som daily routine security checks, and found out that someone had used an exploited coppermine script to gain access to the server. No serious damage was done, the person was only running a few eggdops (which we don't allow).

I have disabled the script. I'm not able to see what version was running, however could you please verify that the latest version of coppermine is absolutely secure? And are you aware of any exploits in older versions?

I'm going to have to disallow users from running coppermine on any of our servers if you can't show me that coppermine is secure. I really don't want to go there, so I hope you can verify this.

Thank you.

Apoc


Joachim Müller

just to make this clear for others reading this thread: the security vulnerability and the resulting exploit does not apply to coppermine standalone (with our without bbs integration), but only applies to cpgNuke (aka "Coppermine for CMS"). There are no known security holes in coppermine standalone.
Next time, please make sure to post on the proper board (your report should have gone to the support board for "Coppermine for CMS" here: http://www.nukephotogallery.com/) - posting security related reports is a sensitive area that can ruin a software's reputation without an actual security risk existing.

GauGau

Tarique Sani

SANIsoft PHP applications for E Biz