Author Topic: Exploit 1.4.19?  (Read 2569 times)

mahdi1234

  • Coppermine regular visitor
Exploit 1.4.19?
« on: January 29, 2009, 08:13:34 pm »

How about this one, do the devs know it?

http://www.milw0rm.com/exploits/7909

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • aka "GauGau"
Re: Exploit 1.4.19?
« Reply #1 on: January 29, 2009, 08:50:56 pm »

Thanks for letting us know - that's a brand-new one. We'll look into this and come up with a resolution as soon as possible.

Abbas Ali

  • Administrator
  • Coppermine addict
Re: Exploit 1.4.19?
« Reply #2 on: January 30, 2009, 06:38:37 am »

I can confirm this exploit. Working on a fix.

The patch given by the reporter unsets all variables which were registered because of register_globals being on. I think this is the correct way.
Chief Geek at Ranium Systems
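
The mitigation described in the reply above (unsetting the variables that register_globals created), sketched as an added example; it is not the reporter's patch, not Coppermine's code and not part of any post in this thread. The function name `unregister_request_globals` and the `is_admin` parameter are hypothetical, and register_globals is simulated by hand.

```php
<?php
// Added illustration; not the reporter's patch and not Coppermine's code.
// unregister_request_globals() is a hypothetical name.

/**
 * Unset every global that shares its name with a request key, which is
 * what register_globals=On would have created. Run it before the
 * application sets any variable of its own. Returns the names removed.
 */
function unregister_request_globals(): array
{
    // Names a request must never be allowed to touch.
    $protected = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                  '_SERVER', '_ENV', '_FILES', '_SESSION'];

    // Attacker-controlled input; register_globals also imported
    // $_SERVER and $_ENV, which can be appended here.
    $sources = [$_GET, $_POST, $_COOKIE, $_FILES];

    $removed = [];
    foreach ($sources as $source) {
        foreach (array_keys($source) as $name) {
            $name = (string) $name;
            if (in_array($name, $protected, true)) {
                // Fail closed on an attempt to overwrite a superglobal.
                throw new RuntimeException("Rejected request key: $name");
            }
            if (array_key_exists($name, $GLOBALS)) {
                unset($GLOBALS[$name]);
                $removed[] = $name;
            }
        }
    }
    return $removed;
}

// Constructed request, with register_globals simulated by hand because
// the directive no longer exists in current PHP.
$_GET = ['is_admin' => '1'];
foreach ($_GET as $key => $value) {
    $GLOBALS[$key] = $value;
}

$removed = unregister_request_globals();
echo 'removed: ', implode(', ', $removed), PHP_EOL;
var_dump(isset($is_admin));
```

The call has to come first in the bootstrap: run after the application has assigned its own variables, it would also unset any of them that happen to share a name with a request parameter.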

Joachim Müller

  • Dev Team member
  • Coppermine addict
Re: Exploit 1.4.19?
« Reply #3 on: February 04, 2009, 11:33:52 am »

cpg1.4.20 has just been released, which takes care of the exploit. See the corresponding announcement thread "cpg1.4.20 Security release - upgrade mandatory!"