CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-1668

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile14.16th
Published2006年4月7日
Last Modified2026年4月16日

Vulnerability Description

newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.

Affected Platforms (CPE)

📦
Crafty Syntax Image Gallery

Crafty Syntax Image Gallery

<= 3.1g

References & Advisories

🔗 http://bash-x.net/undef/adv/craftygallery.html
🔗 http://bash-x.net/undef/exploits/crappy_syntax.txt
🔗 http://secunia.com/advisories/19478
🔗 http://www.osvdb.org/24387
🔗 http://www.securityfocus.com/bid/17379
🔗 http://www.vupen.com/english/advisories/2006/1239
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/25655
🔗 https://www.exploit-db.com/exploits/1645

相關漏洞威脅

CVE-2006-16677.5

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g...

CVE-2006-610210.0

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X ser...

CVE-2006-446110.0

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the pr...

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...