Описание
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-1668
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25655
- https://www.exploit-db.com/exploits/1645
- http://bash-x.net/undef/adv/craftygallery.html
- http://bash-x.net/undef/exploits/crappy_syntax.txt
- http://secunia.com/advisories/19478
- http://www.osvdb.org/24387
- http://www.securityfocus.com/bid/17379
- http://www.vupen.com/english/advisories/2006/1239
EPSS
CVE ID
Связанные уязвимости
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.
EPSS