Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: Serious security issue with search function  (Read 2844 times)

0 Members and 1 Guest are viewing this topic.

roberb7

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Serious security issue with search function
« on: May 11, 2017, 01:20:14 am »

This is for version 1.5.46.
My site is hosted by Veerotech.
This morning, I attempted to search for a picture. After I did so, all accesses to my entire site (not just the coppermine directory) resulted in 403 errors.
After checking the usual culprits (.htaccess, directory permissions), I contacted Veerotech's support. What I learned is my site was blocked the Mod_Security rules. The only info they were able to give me was, "likely a poorly coded plugin/module allowing variables to be submitted in a similar fashion to XSS."
I wish they could have been more specific, but the problem they refer to would be in search.php or thumbnails.php. Probably the former.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Serious security issue with search function
« Reply #1 on: July 03, 2017, 03:22:17 pm »

That's the first report regarding that issue. I doubt we can do anything without more details how to replicate the issue.
Logged
Pages: [1]   Go Up
 

Page created in 0.018 seconds with 19 queries.