Coppermine-driven galleries hit by RAR exploit - Page 2
 


Coppermine-driven galleries hit by RAR exploit

Started by Joachim Müller, May 15, 2006, 10:21:10 AM


AndrewRH

I followed the suggestion to contact my ISP regarding this vulnerability. After convincing them it was not a purely Coppermine issue (prior to 1.4.6), this is what they had to say:

>You're correct in stating that files with the .php.rar extension are
>parsed as PHP files, and that your site's visitors can upload such files
>to your webspace through a script, and have these files executed as PHP.
>
>This is not a vulnerability on our part. If you allow users to upload
>files via a script, they can also upload regular .php files as well and
>have them executed. Furthermore, you can control the MIME types of your
>files via a .htaccess file to prevent this.
~Andrew~
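
Added example, not part of the posts in this thread and not Coppermine's own code: a filename check for an upload script that rejects names such as `x.php.rar` by inspecting every dot-separated extension rather than only the last one, which is how Apache's mod_mime reads multi-extension names. The sets `SCRIPT_EXTS` and `ALLOWED_FINAL` and the function names are assumptions for illustration; the extensions actually mapped to PHP depend on the host's configuration.

```python
# Added example: flag upload names that Apache's mod_mime could hand to PHP.
# mod_mime looks at every dot-separated extension, not only the last one, so
# "x.php.rar" can be treated as PHP when ".rar" has no mapping of its own.

# Assumption: extensions the server maps to the PHP handler; adjust per host.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml"}
# Assumption: the only final extensions this gallery accepts.
ALLOWED_FINAL = {"jpg", "jpeg", "png", "gif", "rar", "zip"}


def extensions(filename):
    """Return all extensions of the base name, lower-cased (matching is case-insensitive)."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    # parts[0] is the name itself; empty parts come from "a..b" or a trailing dot
    return [p.lower() for p in parts[1:] if p]


def check_upload(filename):
    """Return (ok, reason) for one client-supplied file name."""
    exts = extensions(filename)
    if not exts:
        return False, "no extension"
    hits = [e for e in exts if e in SCRIPT_EXTS]
    if hits:
        return False, "script extension in name: ." + hits[0]
    if exts[-1] not in ALLOWED_FINAL:
        return False, "final extension not allowed: ." + exts[-1]
    return True, "ok"


def audit(names):
    """Return the names in an existing upload listing that should be quarantined."""
    return [n for n in names if not check_upload(n)[0]]


if __name__ == "__main__":
    # Constructed sample listing, not taken from any real gallery.
    sample = ["holiday.jpg", "pics.rar", "x.php.rar", "y.PhP.jpg", "notes.txt", "a.phtml."]
    for name in sample:
        print(name, check_upload(name))
```

The same `audit` function can be run over a listing of an existing upload directory to find files stored before the upload script was fixed.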

Joachim Müller

This has long been fixed, do as we suggest and upgrade. It doesn't make sense to argue about outdated versions. Locking.