Security Advisory

CVE-2006-1668

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-04-07 10:00:00

Last updated 2024-08-07 17:19:49

Assigner mitre

State PUBLISHED

Description

newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.

← Browse all CVEs View on cve.org ↗