
Topic: security issue in 1.4.9?


François Keller

  • Dev Team member
security issue in 1.4.9?
« on: October 28, 2006, 08:18:00 am »

Hi,

This link was posted on the French board:
http://www.milw0rm.com/exploits/2660
Is this a real security problem in Coppermine 1.4.9?

Aditya Mooley

  • Dev Team member
Re: security issue in 1.4.9?
« Reply #1 on: October 28, 2006, 09:59:48 am »

Yes, it is an exploit.

Till the time we release a new security update, users can manually fix this as follows:

Open picmgr.php
Somewhere near line 353
find:
Code:
$aid = isset($_GET['aid']) ? ($_GET['aid']) : 0;

replace with
Code:
$aid = isset($_GET['aid']) ? (int)($_GET['aid']) : 0;
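Added example (not part of the thread and not Coppermine's code): what the (int) cast from the fix above does to different shapes of the aid parameter, next to a stricter variant that rejects malformed values instead of coercing them. The function names, the $query array standing in for $_GET, the sample inputs and the use of filter_var() are assumptions for illustration; PHP 7.1 or later is assumed for the type declarations.

```php
<?php
// Added illustration only. $query stands in for a request's $_GET array.

// The fix from the post: coerce aid to an integer, default 0 when absent.
function aid_cast(array $query): int
{
    return isset($query['aid']) ? (int)($query['aid']) : 0;
}

// Stricter variant (an assumption, not part of the posted fix):
// accept only a well-formed, non-negative integer, otherwise return null
// so the caller can refuse the request instead of using a coerced value.
function aid_strict(array $query): ?int
{
    if (!isset($query['aid'])) {
        return 0;
    }
    $v = filter_var(
        $query['aid'],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    return $v === false ? null : $v;
}

// Constructed sample inputs covering the shapes a query string can produce.
$samples = [
    'absent'          => [],
    'plain id'        => ['aid' => '7'],
    'trailing text'   => ['aid' => '7 and more'],
    'non-numeric'     => ['aid' => 'abc'],
    'negative'        => ['aid' => '-3'],
    'array (aid[]=x)' => ['aid' => ['x']],
];

foreach ($samples as $label => $query) {
    $strict = aid_strict($query);
    printf(
        "%-16s cast=%-3d strict=%s\n",
        $label,
        aid_cast($query),
        $strict === null ? 'rejected' : (string)$strict
    );
}
```

With the cast, every input ends up as some integer, so nothing but a number reaches the code that uses $aid; the strict variant additionally lets the caller tell a malformed request apart from a legitimate album id.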

François Keller

  • Dev Team member
Re: security issue in 1.4.9?
« Reply #2 on: October 28, 2006, 10:13:25 am »

OK, thanks for the reply, I'll post your fix on the French board.

Joachim Müller

  • Dev Team member
Re: security issue in 1.4.9?
« Reply #3 on: October 30, 2006, 01:06:49 am »

cpg1.4.10 has been released to address the issue - see announcement thread.