Question regarding security of CPG Question regarding security of CPG
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Question regarding security of CPG

Started by net, October 17, 2008, 12:29:58 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

net

Hello,

I know this is placed in the wrong section but for some reason i could not make a new thread in the General discussions forum, maybe someone messed up all the permissions for the forum?

Anyway...

I would like to know where most of the security flaws that has been found in CPG previously has been? Are they are related to user upload access? So if no one besides the admin has access to upload theres extreamly low risk of sql injection in cpg?

Joachim Müller

Quote from: net on October 17, 2008, 12:29:58 PM
I know this is placed in the wrong section but for some reason i could not make a new thread in the General discussions forum, maybe someone messed up all the permissions for the forum?
You're not allowed to start new threads on the General discussions forum, so there is no error in permissions - this is on purpose.

Quote from: net on October 17, 2008, 12:29:58 PMI would like to know where most of the security flaws that has been found in CPG previously has been?
Use your favorite diff viewer to figure out. Will take some hours though - that's why you have to do this on your own; supporters won't do that for you.

Quote from: net on October 17, 2008, 12:29:58 PMAre they are related to user upload access?
No

Quote from: net on October 17, 2008, 12:29:58 PMSo if no one besides the admin has access to upload theres extreamly low risk of sql injection in cpg?
No, that's wrong. In fact, it's utter nonsense. Disallowing uploads by others doesn't keep you safe from exploits/attacks against older versions. You have to update no matter what.