Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Local File Inclusion and Blind SQL Injection (exploit)  (Read 14310 times)

0 Members and 1 Guest are viewing this topic.

breath

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Local File Inclusion and Blind SQL Injection (exploit)
« Reply #1 on: May 19, 2009, 08:00:29 am »

Thanks for reporting this exploit breath. The Dev team wil find a fix asap.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Local File Inclusion and Blind SQL Injection (exploit)
« Reply #2 on: May 19, 2009, 09:08:18 am »

Corresponding developer thread started. We'll release a new version asap to counter the exploit. Thanks for letting us know.
Logged

breath

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Re: Local File Inclusion and Blind SQL Injection (exploit)
« Reply #3 on: May 23, 2009, 12:55:33 pm »

thx 4 update
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Local File Inclusion and Blind SQL Injection (exploit)
« Reply #4 on: May 24, 2009, 09:40:08 am »

Sorry, I forgot to reply to your thread. As you already figured out, the release has been packaged - cpg1.4.23 is out.
Logged
Pages: [1]   Go Up
 

Page created in 0.02 seconds with 19 queries.