forum.coppermine-gallery.net
No Support => General discussion (no support!) => Topic started by: François Keller on October 28, 2006, 08:18:00 am
-
Hi,
This link was posted on the French board:
http://www.milw0rm.com/exploits/2660
Is this a real security problem on Coppermine 1.4.9?
-
Yes, it is an exploit.
Till the time we release a new security update, users can manually fix this as follows:
Open picmgr.php
Somewhere near line 353
find:
$aid = isset($_GET['aid']) ? ($_GET['aid']) : 0;
replace with
$aid = isset($_GET['aid']) ? (int)($_GET['aid']) : 0;
-
OK, thanks for the reply, I'll post your fix on the French board
-
cpg1.4.10 has been released to address the issue - see announcement thread (http://forum.coppermine-gallery.net/index.php?topic=37895.0).
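-
Added example, not part of the original thread and not Coppermine code: it runs the two `$aid` expressions from the manual fix above over constructed query strings to show what the `(int)` cast changes. The function names and the stricter `aid_strict()` variant are assumptions made for illustration.

```php
<?php
// Hypothetical helper names; only the two ternary expressions come from the thread.

// Expression before the fix: the raw query value is passed through unchanged.
function aid_before(array $get) {
    return isset($get['aid']) ? ($get['aid']) : 0;
}

// Expression after the fix: whatever arrives is coerced to an integer.
function aid_after(array $get) {
    return isset($get['aid']) ? (int)($get['aid']) : 0;
}

// Stricter variant (assumption, not part of the posted fix): reject instead of coerce.
function aid_strict(array $get) {
    if (!isset($get['aid'])) {
        return 0;
    }
    $aid = filter_var($get['aid'], FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 0)));
    return $aid === false ? null : $aid; // null: caller should refuse the request
}

// Constructed sample query strings, parsed the same way PHP fills $_GET.
$samples = array('aid=7', 'aid=7+trailing+text', 'aid=abc', 'aid[]=7', '');

foreach ($samples as $qs) {
    parse_str($qs, $get);
    printf("%-22s before=%-20s after=%-3s strict=%s\n",
        $qs === '' ? '(no aid)' : $qs,
        json_encode(aid_before($get)),
        json_encode(aid_after($get)),
        json_encode(aid_strict($get)));
}
```

The cast coerces rather than rejects: a string with trailing text keeps only its leading digits, a non-numeric string becomes 0, and a non-empty array becomes 1, so the rest of the script always receives an integer.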