Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.0
CVE Id: CVE-2006-1668
Last Modified: 07 Mar 2011 09:33:33
Published: 07 Apr 2006 06:04:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2006-1668

Summary

newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.

Vulnerable Systems

Application

  • Crafty Syntax Image Gallery 3.1g


References

VUPEN - ADV-2006-1239

BID - 17379

SECUNIA - 19478

MILW0RM - 1645

MISC - http://bash-x.net/undef/exploits/crappy_syntax.txt

MISC - http://bash-x.net/undef/adv/craftygallery.html

XF - crafty-http-post-code-execution(25655)

OSVDB - 24387


Last Updated: 27 May 2016 10:42:09