Unrated severityNVD Advisory· Published Apr 7, 2006· Updated Jun 16, 2026
CVE-2006-1668
CVE-2006-1668
Description
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:crafty_syntax_image_gallery:crafty_syntax_image_gallery:*:*:*:*:*:*:*:*Range: <=3.1g
- Range: <=3.1g
Patches
Vulnerability mechanics
References
8- bash-x.net/undef/adv/craftygallery.htmlnvdExploitURL Repurposed
- bash-x.net/undef/exploits/crappy_syntax.txtnvdExploitURL Repurposed
- secunia.com/advisories/19478nvdExploitVendor Advisory
- www.securityfocus.com/bid/17379nvdExploit
- www.osvdb.org/24387nvd
- www.vupen.com/english/advisories/2006/1239nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/25655nvd
- www.exploit-db.com/exploits/1645nvd
News mentions
0No linked articles in our index yet.