CVE-2006-1668

Sažetak

newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.

Reference

http://bash-x.net/undef/adv/craftygallery.html
http://bash-x.net/undef/exploits/crappy_syntax.txt
http://secunia.com/advisories/19478
http://www.osvdb.org/24387
http://www.securityfocus.com/bid/17379
http://www.vupen.com/english/advisories/2006/1239
https://exchange.xforce.ibmcloud.com/vulnerabilities/25655
https://www.exploit-db.com/exploits/1645

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-10-2017 - 01:29

Objavljeno

07-04-2006 - 10:04