false positive P1410 and cmsmadesimple/coppermine etc.?

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
4 posts Page 1 of 1
webk
Junior Member
Posts: 3
Joined: 28 Nov 2017, 08:22


Hi there,

we're getting a lot of alerts for exploit P1410 but the affected files seem to be a simple archive script included in a lot of apps like coppermine, joomla extensions, CMS Made Simple and so on. The apparently bad file is even included in official sources of the named products. I don't know if maybe some malware used partially the same code as the legitimate script and now all are matched to be an exploit?

Example files:
cmsmadesimple:
http://svn.cmsmadesimple.org/svn/cmsmad ... /untgz.php

b2evolution:
https://raw.githubusercontent.com/b2evo ... chives.php

coppermine:
https://github.com/coppermine-gallery/c ... rchive.php

Thank you very much for checking, I hope there is a quick fix or explanation.

- Sandro
ForumAdmin
Moderator
Posts: 1341
Joined: 01 Oct 2008, 09:24


Just had a quick look - If you update as follows it should now be resolved:
Code: Select all
rm -fv /etc/cxs/new.fp
cxs -U
webk
Junior Member
Posts: 3
Joined: 28 Nov 2017, 08:22


Thank you for your very quick reply!

I just tried that and uploaded one of the mentioned files but it still was matched as P1410. Just to be sure: I don't have to restart the service after the upgrade, right?
webk
Junior Member
Posts: 3
Joined: 28 Nov 2017, 08:22


I did it again and now it works. No clue why I had to do it twice but thank you very much for your help! :-)
4 posts Page 1 of 1