Possible _GET and _POST var inversion in editpics.php
 

Started by sjordan, April 06, 2006, 04:13:04 AM


sjordan

Lines 32 and 33 of editpics.php in CPG 1.4.4 contain the lines


} elseif (isset($_GET['album'])) {
        $album_id = (int)$_POST['album'];


Wondering whether they should read ...


} elseif (isset($_POST['album'])) {
        $album_id = (int)$_POST['album'];
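The effect of the mismatch the post asks about, as an added example that is not part of the original post and is not Coppermine code: when `album` arrives only in the query string, the quoted branch is taken but the id is read from empty POST data. Function names and request arrays are constructed for illustration; the post does not settle which superglobal editpics.php should use, so the consistent version takes the source array as a parameter.

```php
<?php
// Added illustration. Function names and the request arrays below are
// constructed; they are not taken from editpics.php.

// Mirrors the quoted lines: the presence test uses one array,
// the read uses the other.
function album_id_mismatched(array $get, array $post): ?int
{
    if (isset($get['album'])) {
        // In the quoted code a missing $_POST['album'] raises an
        // undefined-index notice and evaluates to null; (int)null is 0.
        // The ?? null here reproduces that value without the notice.
        return (int)($post['album'] ?? null);
    }
    return null; // branch not taken
}

// Consistent form: test and read the same array, and reject anything
// that is not a positive integer instead of silently casting it.
// (Assumption: album ids are positive integers.)
function album_id_consistent(array $source): ?int
{
    if (!isset($source['album'])) {
        return null;
    }
    $id = filter_var(
        $source['album'],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;
}

// Constructed request: album is supplied in the query string only.
$get  = ['album' => '7'];
$post = [];

// Branch is taken, but the id comes from the empty POST array.
var_dump(album_id_mismatched($get, $post));

// Same request, read from the array that was actually tested.
var_dump(album_id_consistent($get));

// A non-numeric value is rejected rather than cast to some integer.
var_dump(album_id_consistent(['album' => 'abc']));
```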