Print

[ComputerLady]

Pardon my confusion here, but I found a post in imei's Bug Blog regarding a 'new' remote code execution flaw found in Coppermine 1.4.4:

http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html

I'm having a lot of trouble understanding the discussion surrounding the code sited, and if this is something those of us using Coppermine should be concerned. That bug report was reflected out through Secunia's Latest Security Advisories RSS feed, but I don't see much supporting evidence in the blog post. But then, following some of that is beyond me at present.

So, my question is, is this a new bug or something we can safely ignore? (My hosting service insisted everyone update to v1.4.4 of Coppermine or face having their install of Coppermine removed after that last bug.) 

Thanks! 

[Joachim Müller]

split from http://forum.coppermine-gallery.net/index.php?topic=28079.0, which was a split-off from another different thread. Don't hijack threads, especially those that deal with security issues, as it will get increasingly hard for others to keep track. Search the board before posting, this is being discussed already!

[ComputerLady]

Finally found public discussion on this here:
http://forum.coppermine-gallery.net/index.php?topic=30504.0

Will turn on notifications for that thread so I can track this...

[Joachim Müller]

you better turn on notifications for the announcement board...

[ComputerLady]

Did that again, as that must have stopped working again... Thanks for the reminder!

[Joachim Müller]

http://forum.coppermine-gallery.net/index.php?topic=30655.0