Print

[net]

Hi,

I've manually costumized alot of stuff on my CPG and i don't wish to go through all that again, is there anyway to get the actual code that is nessesary to avoid the SQL injection exploit without doing the full update?

I know this is not recommended, but i don't have time to fix all my galleries right now, a fast fix is needed.

I also noted on the exploit that "register_globals=on" is required for this exploit to actually work in the first place, i run my own webserver and that setting is off, am i in no trouble at all?

Thanks for the help.

[Nibbler]

If register_globals is disabled then you are already safe.

If you extensively modify Coppermine (or any other script) it's a good idea to learn how to use a diff viewer so you can update your gallery. Even if a quick fix is posted for security issues you could still get bitten by bugs that have already been fixed.

[net]

I already know how to use the diff viewer, just takes time going through every single file.

Thanks for the information nibbler, thread solved.