cpg 1.43 album permission bug? cpg 1.43 album permission bug?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

cpg 1.43 album permission bug?

Started by hobby, February 13, 2006, 07:10:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

hobby

hello, i am using cpg 1.43 and got the following major problem:

the album "party" is passwort protected and another album (secret) contains pics which shall only be viewable by users of the group "secret" i.e....

so...when a guest now typing the correct passwort for the party album, hey is able to view not only the party pics, he also can be look at the secret-album pictures...

another example:

when a user normal registerd user logs in, he also can view the pics of the secret ablum, instead he isnt member of the group "secret"...

anyone else with the same major security problems???

some help of anyone would be great, because its really a problem...or is it a bug maybe???

thx and cu

:)

-hobby

Joachim Müller

hard to say without a link and a non-admin test user account... ;)

hobby

hm...maybe i schould inform you, that it was a 1.3 version, which i upgraded to version 1.43... and: yes, i run the update.php...but i wont work.

now, anyway, i removed it to replace it completly with 1.43...

this works fine.

but thx anyway :))