Advanced search  

News:

cpg1.5.46 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Serious security issue with search function  (Read 544 times)

0 Members and 1 Guest are viewing this topic.

roberb7

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Serious security issue with search function
« on: May 11, 2017, 01:20:14 am »

This is for version 1.5.46.
My site is hosted by Veerotech.
This morning, I attempted to search for a picture. After I did so, all accesses to my entire site (not just the coppermine directory) resulted in 403 errors.
After checking the usual culprits (.htaccess, directory permissions), I contacted Veerotech's support. What I learned is my site was blocked the Mod_Security rules. The only info they were able to give me was, "likely a poorly coded plugin/module allowing variables to be submitted in a similar fashion to XSS."
I wish they could have been more specific, but the problem they refer to would be in search.php or thumbnails.php. Probably the former.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15415
Re: Serious security issue with search function
« Reply #1 on: July 03, 2017, 03:22:17 pm »

That's the first report regarding that issue. I doubt we can do anything without more details how to replicate the issue.
Logged
Pages: [1]   Go Up
 

Page created in 0.013 seconds with 20 queries.