#1 2003-03-24 13:19:54

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
14068

Security Bug In Version 1.2

Code:

                  ------------------------------------------
                  /!\  Security bug in PhpWebGallery 1.2 /!\
                  ------------------------------------------

A security bug in version 1.2 of PhpWebGallery enables anyone to retrieve
your database connection information (login + password). This bug is not easy
to use, but it is nevertheless important to modify the files. 3 files must be updated :
 1. /include/config.inc.php
 2. /include/init.inc.php
 3. /admin/include/isadmin.inc.php

--------------------------
1. /include/config.inc.php
--------------------------
replace (line 23 or near) :
  include_once( $prefixe_include."./include/mysql.inc.php" );
  include_once( $prefixe_include."./include/functions.php" );
by :
  include_once( PREFIXE_INCLUDE."./include/mysql.inc.php" );
  include_once( PREFIXE_INCLUDE."./include/functions.php" );

------------------------
2. /include/init.inc.php
------------------------
replace (line 17 or near) :
  $prefixe_include = "";
by :
  define( 'PREFIXE_INCLUDE', '' );

---------------------------------
3. /admin/include/isadmin.inc.php
---------------------------------
replace (line 17 or near) :
  $prefixe_include = ".";
by :
  define( 'PREFIXE_INCLUDE', '.' );
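
A way to check that the three edits above were applied, as an added example that is not part of the original post or of PhpWebGallery: it flags any remaining `$prefixe_include` reference and confirms that the constant is defined and used. The file paths and the two names come from the post; the sample file contents are constructed.

```python
import re

# File paths and both names come from the advisory above; sample sources are constructed.
PATCHED_FILES = ("include/config.inc.php", "include/init.inc.php",
                 "admin/include/isadmin.inc.php")
OLD_VAR = re.compile(r"\$prefixe_include\b")
DEFINE = re.compile(r"define\(\s*['\"]?PREFIXE_INCLUDE['\"]?\s*,")
INCLUDE_CONST = re.compile(r"include(?:_once)?\s*\(\s*PREFIXE_INCLUDE\s*\.")

def audit_file(path, source):
    """Report every non-comment line that still references the old variable."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue
        if OLD_VAR.search(line):
            findings.append((path, no, "still uses $prefixe_include"))
    return findings

def audit_tree(files):
    """files maps relative path -> PHP source; returns (path, line, message) tuples."""
    findings = []
    for path in PATCHED_FILES:
        if path not in files:
            findings.append((path, 0, "file not supplied"))
            continue
        findings.extend(audit_file(path, files[path]))
        if path == PATCHED_FILES[0]:
            if not INCLUDE_CONST.search(files[path]):
                findings.append((path, 0, "no include built from PREFIXE_INCLUDE"))
        elif not DEFINE.search(files[path]):
            findings.append((path, 0, "PREFIXE_INCLUDE is never defined"))
    return findings

# Constructed stand-ins for the three files before and after the edit.
UNPATCHED = {
    "include/config.inc.php":
        '<?php\ninclude_once( $prefixe_include."./include/mysql.inc.php" );\n',
    "include/init.inc.php": '<?php\n$prefixe_include = "";\n',
    "admin/include/isadmin.inc.php": '<?php\n$prefixe_include = ".";\n',
}
PATCHED = {
    "include/config.inc.php":
        '<?php\ninclude_once( PREFIXE_INCLUDE."./include/mysql.inc.php" );\n',
    "include/init.inc.php": "<?php\ndefine( 'PREFIXE_INCLUDE', '' );\n",
    "admin/include/isadmin.inc.php": "<?php\ndefine( 'PREFIXE_INCLUDE', '.' );\n",
}

if __name__ == "__main__":
    for finding in audit_tree(UNPATCHED):
        print(finding)
```

To audit a real installation, build the `files` dictionary by reading the three paths from the gallery's root directory.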
