Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: small security problem in anycontent.php  (Read 4852 times)

0 Members and 1 Guest are viewing this topic.

Andi

  • VIP
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 85
  • Join the Future
    • www.pragmamx.org
small security problem in anycontent.php
« on: December 12, 2004, 07:18:45 pm »

Hi :)

if you open the file anycontent.php directly, the following message appears:

Quote
Fatal error: Call to undefined function starttable() in xxx\anycontent.php on line 32

Version:
anycontent.php,v 1.10 2004/09/25 19:09:40 caspershadow
« Last Edit: December 14, 2004, 07:48:56 am by GauGau »
Logged
hope, I could help you... :)

Casper

  • VIP
  • Coppermine addict
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 5231
Re: small security problem in anycontent.php
« Reply #1 on: December 12, 2004, 08:15:33 pm »

Yes, but anycontent.php is not designed to be called directly.  It works fine when used as designed.

How is this a security problem?


Logged
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Andi

  • VIP
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 85
  • Join the Future
    • www.pragmamx.org
Re: small security problem in anycontent.php
« Reply #2 on: December 12, 2004, 08:19:15 pm »

Quote
How is this a security problem?

Hi :)

so called "full path disclosure"
Logged
hope, I could help you... :)

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: small security problem in anycontent.php
« Reply #3 on: December 12, 2004, 08:40:22 pm »

Fixed easily enough with
Code: [Select]
if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');
« Last Edit: December 12, 2004, 08:49:13 pm by kegobeer »
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: small security problem in anycontent.php
« Reply #4 on: December 14, 2004, 07:48:41 am »

committed to devel branch.

Joachim
Logged
Pages: [1]   Go Up
 

Page created in 0.021 seconds with 18 queries.