[Announcement]: Security vulnerabilities for CPGNUKE discovered [Announcement]: Security vulnerabilities for CPGNUKE discovered
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

[Announcement]: Security vulnerabilities for CPGNUKE discovered

Started by Joachim Müller, May 01, 2004, 05:06:51 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Joachim Müller

Various security vulnerabilities have been discovered in the coppermine port for postNuke/phpNuke (aka "cpgnuke" or "cpg for cms").
These vulnerabilities use other nuke exploits to gain access to admin rights and can then be used to compromise the attacked web server. They only affect Coppermine for phpNuke/postNuke! Users of the standalone versions (and/or standalone bridged with bbs) are not affected.
Users of the affected versions should go to http://www.nukephotogallery.com/modules.php?name=Forums and look for fixes there - they'll be posted as soon as they're available.

GauGau

sammyd28

What is the easiest way to tell which version you have?

Casper

In config, it is at the top of the page.

If you are not running a cms, you should be running a standalone version.
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Joachim Müller

well, if you're using phpNuke or postNuke, you should know that you're using it, as you will have had to set up nuke before setting up coppermine. If you have never heard about "nuke" stuff, you're using the standalone version. When visiting coppermine config, you should see which version number you are using, but since the vulnerabilities only apply to nuke versions, your standalone version number doesn't matter.

GauGau

sammyd28

So then: Coppermine Photo Gallery 1.2.1 is the standalone version and I should just relax, right?

Tarique Sani

Right, CPG standalone(non CMS version) users can relax on this one...

CPG for CMS / Nuke users take a look here http://cpgnuke.com/index.php?name=Forums&file=viewtopic&t=341
SANIsoft PHP applications for E Biz

gtroll

Coppermine Photo Gallery 1.2.1 could be coppermine for CMS but you would probably know if it was a nuke install- check and see if you have a file called mainfile.php in your home directory if so it's nuke

charlottezweb

I apologize if this has been answered elsewhere, but I'm assuming this has nothing to do with a coppermine/YaBBSE integration?  If not, is there a known issue with that?  I've apparently had a weird issue tonight.

(i'll search the boards now, that might be smarter)  :)

Regards,
Jason

hyperion

No, this does not have anything to do with YABBSE.
"Then, Fletch," that bright creature said to him, and the voice was very kind, "let's begin with level flight . . . ."

-Richard Bach, Jonathan Livingston Seagull

(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Fwww.mozilla.org%2Fproducts%2Ffirefox%2Fbuttons%2Fgetfirefox_small.png&hash=9f6d645801cbc882a52f0ee76cfeda02625fc537)

Joachim Müller

...although there have been security issues with YaBB SE in the past - you're strongly recommended to apply all security fixes provided for YaBB SE and upgrade to the latest stable version of it (1.5.5), or even upgrade to smf.

GauGau

charlottezweb

Quote from: GauGau on June 04, 2004, 07:51:03 AM
...although there have been security issues with YaBB SE in the past - you're strongly recommended to apply all security fixes provided for YaBB SE and upgrade to the latest stable version of it (1.5.5), or even upgrade to smf.

GauGau

Oh, I know.  I've been installing it for years, but I don't think the problem was with YSE.  The site was on the latest 1.5.5 patch but it had an old version of a coppermine integration mod that was apparently compromised last night and I see that it's not even supported anymore on your forums.  So it looks like my SMF migration schedule for that particular site has been moved forward by a hell of a lot :)  I'm gonna try the latest coppermine integration that Jack (and yourself I'm assuming) ported tomorrow and hopefully save my gallery and all of its posts.

Thanks for your help,
Jason