Hello... I found this on Coppermine site and it appears my site is vunerable. Any ideas on how to deal with this issue?
What it involves is the ability of Apache to run any php code in a file as long as the filename has ".php" in the file name. Therefore uploading a file named filetest.php.rar and opening the file in a browser window will execute the code.
example from URL above... How can I find out if my webserver is vulnerable? Create a plain-text file with this content: Code: <?php print 'Oops, my webserver is vulnerable'; ?>, name it test.php.rar, upload it to your webserver (by Coppermine methods or by FTP) and run it in your browser by entering the URL of the file you uploaded into the browser's address bar. If the susequent page shows the message Quote Oops, my webserver is vulnerable , then you really should be alarmed. If it returns garbled text, the PHP source code or just asks you to download the file, then your webserver probably is configured OK and you're not vulnerable.