Text only | Text with Images

coppermine-gallery.com/forum

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: mahdi1234 on January 29, 2009, 08:13:34 PM

Title: Exploit 1.4.19?
Post by: mahdi1234 on January 29, 2009, 08:13:34 PM
How about this one, do dev know it?

http://www.milw0rm.com/exploits/7909
Title: Re: Exploit 1.4.19?
Post by: Joachim Müller on January 29, 2009, 08:50:56 PM
Thanks for letting us know - that's a brand-new one. We'll look into this and come up with a resolution as soon as possible.
Title: Re: Exploit 1.4.19?
Post by: Abbas Ali on January 30, 2009, 06:38:37 AM
I can confirm this exploit. Working for a fix.

The patch given by the reporter unsets all variables which were registered because of register_globals on. I think this is the correct way.
Title: Re: Exploit 1.4.19?
Post by: Joachim Müller on February 04, 2009, 11:33:52 AM
cpg1.4.20 has just been released, which takes care of the exploit. See corresponding announcement thread cpg1.4.20 Security release - upgrade mandatory! (http://forum.coppermine-gallery.net/index.php/topic,57882.0.html)
Text only | Text with Images