Support Forum Project Downloads FAQ Documentation About Demo Tutorials Blog Plugins
November 21, 2009, 07:48:20 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Maintenance release cpg1.4.25 - upgrade recommended
The Coppermine development team is releasing an update for Coppermine in order to fix an issue with http uploads that could occur in particular versions of PHP.The fix is not security-critical, so if your gallery is running fine with cpg1.4.23 or cpg1.4.24 you don't need to upgrade. If you are running an older version than cpg1.4.23, you must update to this latest version as soon as possible because of the security impact (the past few maintenance releases before cpg1.4.24 all were security-related).
[more]
   Home   Help Search Board rules Login Register  
forum.coppermine-gallery.net > Support > cpg1.4.x Support > cpg1.4 miscellaneous > Topic: Local File Inclusion and Blind SQL Injection (exploit)
Pages: [1]   Go Down
« previous next »
  Send this topic  |  Print  
Author Topic: Local File Inclusion and Blind SQL Injection (exploit)  (Read 2192 times)
0 Members and 1 Guest are viewing this topic.
breath Topic starter
Coppermine newbie

Uzbekistan Uzbekistan

Posts: 2
« on: May 19, 2009, 06:39:46 am »
Here is a new one - http://www.milw0rm.com/exploits/8713
Logged
Hein Traag
Dev Team member
****
Gender: Male
Netherlands Netherlands

Posts: 2153


A, B, Cpg


WWW
« Reply #1 on: May 19, 2009, 07:00:29 am »
Thanks for reporting this exploit breath. The Dev team wil find a fix asap.
Logged
Joachim Müller
Administrator
*****
Gender: Male
Germany Germany

Posts: 45051


aka "GauGau"


WWW
« Reply #2 on: May 19, 2009, 08:08:18 am »
Corresponding developer thread started. We'll release a new version asap to counter the exploit. Thanks for letting us know.
Logged
breath Topic starter
Coppermine newbie

Uzbekistan Uzbekistan

Posts: 2
« Reply #3 on: May 23, 2009, 11:55:33 am »
thx 4 update
Logged
Joachim Müller
Administrator
*****
Gender: Male
Germany Germany

Posts: 45051


aka "GauGau"


WWW
« Reply #4 on: May 24, 2009, 08:40:08 am »
Sorry, I forgot to reply to your thread. As you already figured out, the release has been packaged - cpg1.4.23 is out.
Logged
Pages: [1]   Go Up
  Send this topic  |  Print  
forum.coppermine-gallery.net > Support > cpg1.4.x Support > cpg1.4 miscellaneous > Topic: Local File Inclusion and Blind SQL Injection (exploit)
 « previous next »
 
Jump to:  

Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC
Page created in 0.031 seconds with 16 queries.