Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: security issue in 1.4.9?  (Read 8031 times)

0 Members and 1 Guest are viewing this topic.

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9094
  • aka Frantz
    • Ma galerie
security issue in 1.4.9?
« on: October 28, 2006, 08:18:00 am »

Hi,

This link was post on french board:
http://www.milw0rm.com/exploits/2660
Is this a real security problem on Coppermine 1.4.9 ?
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Aditya Mooley

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 781
    • My Sweet Home
Re: security issue in 1.4.9?
« Reply #1 on: October 28, 2006, 09:59:48 am »

Yes, it is an exploit.

Till the time we release a new security update, users can manually fix this as follows:

Open picmgr.php
Somewhere near line 353
find:
Code: [Select]
$aid = isset($_GET['aid']) ? ($_GET['aid']) : 0;

replace with
Code: [Select]
$aid = isset($_GET['aid']) ? (int)($_GET['aid']) : 0;
Logged
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9094
  • aka Frantz
    • Ma galerie
Re: security issue in 1.4.9?
« Reply #2 on: October 28, 2006, 10:13:25 am »

Ok thank's for replay, i'll post your fix in the french board
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: security issue in 1.4.9?
« Reply #3 on: October 30, 2006, 01:06:49 am »

cpg1.4.10 has been released to address the issue - see announcement thread.
Logged
Pages: [1]   Go Up
 

Page created in 0.019 seconds with 19 queries.