CVE-2006-1668

CVE-2006-1668 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.

Learn more about our User Device Pen Test.