Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Crafty Syntax Image Gallery newimage.php 权限认证和访问控制漏洞
Vulnerability Description
Eric Gerdes Crafty Syntax Image Gallery(CSIG) 3.1g及早期版本(又称PHP缩略图图片库)的newimage.php可让远程未授权的用户上传和执行任意的PHP代码,方式是通过在设置的php文件中的fullimage和ext参数中的一个multipart/form-data POST,这个POST带一个扩展名为jpg的文件名。
CVSS Information
N/A
Vulnerability Type
N/A