Description
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.
References
- Exploit, URL Repurposed
- Exploit, URL Repurposed
- Exploit, Vendor Advisory
- Exploit
Vulnerable configurations
Configuration 1: versions up to and including 3.1g
cpe:2.3:a:crafty_syntax_image_gallery:crafty_syntax_image_gallery:*:*:*:*:*:*:*:*
EPSS
Percentile: 92%
0.07453
Low
9 Critical
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
almost 4 years ago
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.