Back to CVE Browser

CVE-2006-1668

CRITICAL

9.0

CVSS Severity Score

EPSS Score0.1670%

EPSS Percentile14.16th

PublishedApr 7, 2006

Last ModifiedApr 16, 2026

Vulnerability Description

newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.

Affected Platforms (CPE)

📦

Crafty Syntax Image Gallery

Crafty Syntax Image Gallery

<= 3.1g

References & Advisories

🔗 http://bash-x.net/undef/adv/craftygallery.html

🔗 http://bash-x.net/undef/exploits/crappy_syntax.txt

🔗 http://secunia.com/advisories/19478

🔗 http://www.osvdb.org/24387

🔗 http://www.securityfocus.com/bid/17379

🔗 http://www.vupen.com/english/advisories/2006/1239

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/25655

🔗 https://www.exploit-db.com/exploits/1645

Related Vulnerabilities

CVE-2006-16677.5

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g...

CVE-2006-502510.0

Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack ve...

CVE-2006-446110.0

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the pr...

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...