If you installed 1.4.2 or any 1.4 betas, you have a file called relocate_server.php in your root Coppermine directory. You need to remove this file as soon as possible. This file is designed to assist when moving from one server to another. It allows the user to view the information in config.inc.php, but doesn't ask for any authentication. If you have this file on your server your MySQL database information is available for anyone who executes the script.
Remove this file from your website as soon as possible.
Thank you.
Why there is no any news about this "Critical Update" on the main page?
http://coppermine-gallery.net/
Now every one read the forums... ???
Maybe because not all the devs have access to change it?
Locking this thread now.
Edit: Now listed on the index.
As suggested above, the file relocate_server.php must be removed from your server, as it could be used by others to tamper with your site. If you actually need it, get the copy I attached to this posting, but make sure to remove it from your server after having used it.
In cpg1.4.5, I re-added a file named relocate_server.php to make sure that users who upgrade actually fix the older, dangerous version of that file. The file I have added to cpg1.4.5 is harmless and will only forward users to your index page.