Topic: Exploit 1.4.19?


mahdi1234
Exploit 1.4.19?
« on: January 29, 2009, 08:13:34 pm »

How about this one, do the devs know it?

http://www.milw0rm.com/exploits/7909

Joachim Müller (Dev Team member)
Re: Exploit 1.4.19?
« Reply #1 on: January 29, 2009, 08:50:56 pm »

Thanks for letting us know - that's a brand-new one. We'll look into this and come up with a resolution as soon as possible.

Abbas Ali (Administrator)
Re: Exploit 1.4.19?
« Reply #2 on: January 30, 2009, 06:38:37 am »

I can confirm this exploit. Working on a fix.

The patch given by the reporter unsets all variables which were registered because register_globals is on. I think this is the correct way.
Chief Geek at Ranium Systems
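
An added example, not part of the thread and neither the reporter's patch nor Coppermine's code: one way to unset the variables that register_globals creates from request data, run at the very top of an entry script. The function name, the request parameter and the sample values are hypothetical.

```php
<?php
// Added illustration; unregister_request_globals() is a hypothetical name.

/**
 * Unset every global whose name matches a key in the given request arrays,
 * i.e. the variables register_globals would have created from user input.
 * Must run first in the entry script, before the application defines its own
 * globals, otherwise a colliding request key would delete a legitimate one.
 */
function unregister_request_globals(array $sources)
{
    // Superglobals must survive even if the request carries a key named after them.
    $protected = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                       '_SERVER', '_ENV', '_FILES', '_SESSION');
    $removed = array();
    foreach ($sources as $input) {
        if (!is_array($input)) {
            continue;
        }
        foreach (array_keys($input) as $name) {
            $name = (string) $name;
            if (in_array($name, $protected, true)) {
                continue;
            }
            if (array_key_exists($name, $GLOBALS)) {
                unset($GLOBALS[$name]);
                $removed[] = $name;
            }
        }
    }
    return $removed;
}

// Constructed sample: what register_globals=On would leave behind for a
// request such as ?is_admin=1&GLOBALS=x (the parameter names are made up).
$_GET = array('is_admin' => '1', 'GLOBALS' => 'x');
$is_admin = '1';   // simulates the variable PHP would have auto-registered

$removed = unregister_request_globals(array($_GET, $_POST, $_COOKIE));

echo 'removed: ', implode(', ', $removed), "\n";
echo 'is_admin still set: ', var_export(isset($is_admin), true), "\n";
echo 'superglobals intact: ', var_export(is_array($_GET), true), "\n";
```

register_globals was removed in PHP 5.4.0, so a cleanup like this only matters on older runtimes where the setting is still on.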

Joachim Müller (Dev Team member)
Re: Exploit 1.4.19?
« Reply #3 on: February 04, 2009, 11:33:52 am »

cpg1.4.20 has just been released, which takes care of the exploit. See the corresponding announcement thread "cpg1.4.20 Security release - upgrade mandatory!"