false positive P1410 and cmsmadesimple/coppermine etc.?
Posted: 28 Nov 2017, 08:53
Hi there,
We're getting a lot of alerts for exploit P1410, but the affected files seem to be a simple archive script included in a lot of apps like Coppermine, Joomla extensions, CMS Made Simple and so on. The apparently bad file is even included in the official sources of the named products. I don't know if maybe some malware partially used the same code as the legitimate script and now all are matched as an exploit?
Example files:
cmsmadesimple:
http://svn.cmsmadesimple.org/svn/cmsmad ... /untgz.php
b2evolution:
https://raw.githubusercontent.com/b2evo ... chives.php
coppermine:
https://github.com/coppermine-gallery/c ... rchive.php
Thank you very much for checking, I hope there is a quick fix or explanation.
- Sandro