Remove relocate_server.php file from your website Remove relocate_server.php file from your website
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Remove relocate_server.php file from your website

Started by kegobeer, November 27, 2005, 02:09:59 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

kegobeer

If you installed 1.4.2 or any 1.4 betas, you have a file called relocate_server.php in your root Coppermine directory.  You need to remove this file as soon as possible.  This file is designed to assist when moving from one server to another.  It allows the user to view the information in config.inc.php, but doesn't ask for any authentication.  If you have this file on your server your MySQL database information is available for anyone who executes the script.

Remove this file from your website as soon as possible.

Thank you.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Makc666

Why there is no any news about this "Critical Update" on the main page?
http://coppermine-gallery.net/
Now every one read the forums... ???

kegobeer

#2
Maybe because not all the devs have access to change it?

Locking this thread now.

Edit: Now listed on the index.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

As suggested above, the file relocate_server.php must be removed from your server, as it could be used by others to tamper with your site. If you actually need it, get the copy I attached to this posting, but make sure to remove it from your server after having used it.

Joachim Müller

In cpg1.4.5, I re-added a file named relocate_server.php to make sure that users who upgrade actually fix the older, dangerous version of that file. The file I have added to cpg1.4.5 is harmless and will only forward users to your index page.