No Support > Announcements

[Announcement]: Security vulnerabilities for CPGNUKE discovered

(1/3) > >>

Joachim Müller:
Various security vulnerabilities have been discovered in the coppermine port for postNuke/phpNuke (aka "cpgnuke" or "cpg for cms").
These vulnerabilities use other nuke exploits to gain access to admin rights and can then be used to compromise the attacked web server. They only affect Coppermine for phpNuke/postNuke! Users of the standalone versions (and/or standalone bridged with bbs) are not affected.
Users of the affected versions should go to http://www.nukephotogallery.com/modules.php?name=Forums and look for fixes there - they'll be posted as soon as they're available.

GauGau

sammyd28:
What is the easiest way to tell which version you have?

Casper:
In config, it is at the top of the page.

If you are not running a cms, you should be running a standalone version.

Joachim Müller:
well, if you're using phpNuke or postNuke, you should know that you're using it, as you will have had to set up nuke before setting up coppermine. If you have never heard about "nuke" stuff, you're using the standalone version. When visiting coppermine config, you should see which version number you are using, but since the vulnerabilities only apply to nuke versions, your standalone version number doesn't matter.

GauGau

sammyd28:
So then: Coppermine Photo Gallery 1.2.1 is the standalone version and I should just relax, right?

Navigation

[0] Message Index

[#] Next page