false positive P1410 and cmsmadesimple/coppermine etc.?

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Post Reply
webk
Junior Member
Posts: 3
Joined: 28 Nov 2017, 08:22

false positive P1410 and cmsmadesimple/coppermine etc.?

Post by webk »

Hi there,

we're getting a lot of alerts for exploit P1410 but the affected files seem to be a simple archive script included in a lot of apps like coppermine, joomla extensions, CMS Made Simple and so on. The apparently bad file is even included in official sources of the named products. I don't know if maybe some malware used partially the same code as the legitimate script and now all are matched to be an exploit?

Example files:
cmsmadesimple:
http://svn.cmsmadesimple.org/svn/cmsmad ... /untgz.php

b2evolution:
https://raw.githubusercontent.com/b2evo ... chives.php

coppermine:
https://github.com/coppermine-gallery/c ... rchive.php

Thank you very much for checking, I hope there is a quick fix or explanation.

- Sandro

ForumAdmin
Moderator
Posts: 1460
Joined: 01 Oct 2008, 09:24

Re: false positive P1410 and cmsmadesimple/coppermine etc.?

Post by ForumAdmin »

Just had a quick look - If you update as follows it should now be resolved:

Code: Select all

rm -fv /etc/cxs/new.fp
cxs -U

webk
Junior Member
Posts: 3
Joined: 28 Nov 2017, 08:22

Re: false positive P1410 and cmsmadesimple/coppermine etc.?

Post by webk »

Thank you for your very quick reply!

I just tried that and uploaded one of the mentioned files but it still was matched as P1410. Just to be sure: I don't have to restart the service after the upgrade, right?

webk
Junior Member
Posts: 3
Joined: 28 Nov 2017, 08:22

Re: false positive P1410 and cmsmadesimple/coppermine etc.?

Post by webk »

I did it again and now it works. No clue why I had to do it twice but thank you very much for your help! :-)

Post Reply