The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.4.22 or older update to this latest version as soon as possible.
How to update:
Users running versions prior to 1.4.23 should update immediately by
downloading the latest version from the
download page and following
the upgrade steps in the documentation.
For those who want to apply the vulnerability fix manually (
not recommended, this will fix the security issue only) to their Coppermine installation, the following files have been modified.
Open -
./include/init.inc.phpFind
if (ini_get('register_globals') == '1' || strtolower(ini_get('register_globals')) == 'on') {
$register_globals_flag = true;
} else {
$register_globals_flag = false;
}
and below it add
if (is_array($GLOBALS)) {
foreach ($GLOBALS as $key => $value) {
if (!in_array($key, $keysToSkip) && isset($$key) && $register_globals_flag) unset($$key);
}
}
Open -
./db_input.phpFind
$password = $_POST['alb_password'];
and replace with
$password = addslashes($_POST['alb_password']);
Finally open
./displayecard.phpFind and remove completely the following.
// attempt to obtain full link from db if ecard logging enabled and min 12 chars of data is provided and only 1 match
if ((!is_array($data)) && $CONFIG['log_ecards'] && (strlen($_GET['data']) > 12)) {
$result = cpg_db_query("SELECT link FROM {$CONFIG['TABLE_ECARDS']} WHERE link LIKE '{$_GET['data']}%'");
if (mysql_num_rows($result) === 1) {
$row = mysql_fetch_assoc($result);
$data = @unserialize(@base64_decode($row['link']));
}
}
Support:
If you have problems with this update, please use the
Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.
Why was cpg1.4.23 released?The release covers a recently discovered vulnerability that allows (if unpatched) a user to launch an
SQL Injection (
thread).
Additionally, cpg1.4.23 includes fixes for the following non-security related issues:
- Add PHP 5.3 support to debugger
- Added a warning message for admin if register_globals is on
- Updated Italian language file (user contribution)
Thanks to
Nibbler for coming up with the fix, and thanks to
breath for informing us of the problem. Finally, thanks to girex for discovering the vulnerability and letting the public know.
Thanks,
The Coppermine Team