Hi,
I've manually costumized alot of stuff on my CPG and i don't wish to go through all that again, is there anyway to get the actual code that is nessesary to avoid the SQL injection exploit without doing the full update?
I know this is not recommended, but i don't have time to fix all my galleries right now, a fast fix is needed.
I also noted on the exploit that "register_globals=on" is required for this exploit to actually work in the first place, i run my own webserver and that setting is off, am i in no trouble at all?
Thanks for the help.
If register_globals is disabled then you are already safe.
If you extensively modify Coppermine (or any other script) it's a good idea to learn how to use a diff viewer so you can update your gallery. Even if a quick fix is posted for security issues you could still get bitten by bugs that have already been fixed.
I already know how to use the diff viewer, just takes time going through every single file.
Thanks for the information nibbler, thread solved.