Urgent- safety issues Urgent- safety issues
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Urgent- safety issues

Started by Edis, June 27, 2006, 03:12:26 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Edis

in advance... mine english is bad.
I have problem with my CP gallery, and it looks like permissions alowed people to regain control over gallery, and o modify permissions, puting some script in users albums.
I found one such script in one of the user albums, and delete it, but.. I can not delete it somehow. So I rename it, and put other permissions on it.
24 hours later, I found some kind of backdoor, php file in one of the user albums (I am sure that user did not upload this) and with that file you can do what ever you want with gallery: change permissions, upload files, find out passwords, see permissions on folder end even edit index.php and other php. files in gallery.

So.. I have this script on my PC now, I delete it TWICE from my server, and I really don know what to do now.
Is there anybody from Coppermine support to whom i can send this php file? Anybody had this problem?

Nibbler

Make sure you are running the latest version of Coppermine.

natalina

The same problem (version 1.48) Just have post about it at upgrade board... :-[