Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Serious security issue with search function  (Read 1484 times)

0 Members and 1 Guest are viewing this topic.

roberb7

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Serious security issue with search function
« on: May 11, 2017, 01:20:14 am »

This is for version 1.5.46.
My site is hosted by Veerotech.
This morning, I attempted to search for a picture. After I did so, all accesses to my entire site (not just the coppermine directory) resulted in 403 errors.
After checking the usual culprits (.htaccess, directory permissions), I contacted Veerotech's support. What I learned is my site was blocked the Mod_Security rules. The only info they were able to give me was, "likely a poorly coded plugin/module allowing variables to be submitted in a similar fashion to XSS."
I wish they could have been more specific, but the problem they refer to would be in search.php or thumbnails.php. Probably the former.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15761
Re: Serious security issue with search function
« Reply #1 on: July 03, 2017, 03:22:17 pm »

That's the first report regarding that issue. I doubt we can do anything without more details how to replicate the issue.
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.