Hello,
I'm helping a colleague who found the install message instead of her fully populated gallery. I traced the problem to what appeared to be a ham-handed attack, changing the /local/config/ directory's permissions to 200 and inserting some strange obfuscated JavaScript and PHP.
I changed the permissions and deleted the anomalous files, and the gallery reappeared. 1st hurdle cleared! Afterward, however, I wanted to update the version, in case there are still vulnerabilities there... and none of the login credentials are accepted as valid. We tried the reset-password for the account, which proceeded just fine; but the new password is likewise rejected.
Could the use of 755 for the /local permissions be problematic? Is there something else I am missing? Thanks for any help or insights you can offer,
Matthew
Piwigo version: 2.5.2
PHP version: 5
MySQL version: 5
Piwigo URL: http://sponsor.eii.org/photo
Hello
What is problematic is that you're running a vulnerable version of Piwigo: [Forum, topic 25016] Piwigo 2.7.3, 2.6.5 and 2.5.6, security bug fixed. Very old! Be sure you update all of your software (server, your computer, your smartphone...)
Hi,
Thanks for your response. I hadn't been the maintainer of this gallery, and I agree that updating is important -- but I'm currently unable to log in and so I can't update it now. Any suggestions? Thanks again,
Matthew