forum.coppermine-gallery.net
Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: tuxsoul on March 09, 2007, 07:32:39 pm
-
Hi, I see a new bug report on SecurityFocus; can the developers check it, please? :)
http://www.securityfocus.com/archive/1/462322/30/0/threaded
-
Valid report, moving to bugs section. Needs looking into, please stay tuned for the fix.
-
There are no vulnerabilities here, seems to be the result of an automated code scanner.
-
Imo there are vulnerabilities on certain insecure server setups, with the vars in the URL not being defined within the script under all circumstances. Best practice is to define all vars used, particularly those that are being used as a path or the ones sent to the shell using exec.
The fixes for the vulnerabilities are easy: just add $cmd = ''; and similar to the top of the pages that are being mentioned.
Imo this should be fixed, and yes, they even justify a maintenance release imo.
-
Well that is what they scanned for, but I didn't find any cases which were actually exploitable. They were contained within functions so no injected variables would be in scope. I agree they should be fixed but I don't think it warrants a release unless the flaws can actually be abused. Maybe I missed something.
-
Yes, they reside within functions, you're right.
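-
Added example, not part of the thread and not Coppermine code: the scope behaviour the last two posts agree on, next to the $cmd = ''; fix proposed earlier. The helper names and the 'resize' value are hypothetical, the request data is constructed, and simulate_register_globals() is an assumed stand-in for PHP's old register_globals setting.

```php
<?php
// Constructed input standing in for a query string such as ?cmd=INJECTED
$request = ['cmd' => 'INJECTED'];

// Assumption: stands in for register_globals (removed in PHP 5.4), which
// created one global variable per request parameter before the script ran.
function simulate_register_globals(array $request): void
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Hypothetical helper: $cmd is assigned on one branch only. Inside a
// function $cmd is a local, so the injected global is out of scope unless
// the function declares `global $cmd;`.
function command_in_function(bool $resize): string
{
    if ($resize) {
        $cmd = 'resize';
    }
    return isset($cmd) ? $cmd : '(unset)';
}

simulate_register_globals($request);

// Same pattern at file scope: nothing assigns $cmd on this path, so the
// request-supplied value is what the script would go on to use.
$resize = false;
if ($resize) {
    $cmd = 'resize';
}
$atFileScope = isset($cmd) ? $cmd : '(unset)';

// The fix proposed in the thread: define the variable at the top of the page.
$cmd = '';
if ($resize) {
    $cmd = 'resize';
}
$afterInit = $cmd;

var_dump([
    'inside function'       => command_in_function(false),
    'file scope, no init'   => $atFileScope,
    'file scope, with init' => $afterInit,
]);
```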