PT-2006-2662 · Eric Gerdes · Crafty Syntax Image Gallery

Published: 2006-04-07 · Updated: 2024-02-14 · CVE-2006-1668

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Eric Gerdes Crafty Syntax Image Gallery (CSIG) versions 3.1g and earlier.
Description: Remote authenticated users can upload and execute arbitrary PHP code. The upload handler takes the stored file's extension from the request rather than from the file itself: a multipart/form-data POST request whose fullimage parameter carries a .jpg filename and whose ext parameter is set to .php results in the uploaded content being stored with a .php extension, where the web server will execute it.
Recommendations: For versions 3.1g and earlier, restrict access to the newimage.php file to prevent unauthorized uploads until a fix is available. As a temporary workaround, disable execution of PHP code in the directory that holds uploaded files, so that a misnamed upload cannot be run even if it is accepted.
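An added illustration (not CSIG's own code, which is not reproduced here) of the pattern the description implies and of a hardened replacement: the unsafe function lets the request's ext field decide the stored extension, while the safe path derives the type from the file bytes, accepts only image types and names the file server-side. Function names and the upload directory are assumptions.

```php
<?php
// Added example, not code from CSIG. Shows the unsafe naming pattern the
// advisory describes and a hardened upload path beside it.

// Unsafe: the stored extension comes from the client-supplied 'ext' field, so
// fullimage=x.jpg together with ext=.php is written out as x.php.
function unsafe_target_name(string $fullimage, string $ext, string $dir): string
{
    return $dir . '/' . pathinfo($fullimage, PATHINFO_FILENAME) . $ext;
}

// Hardened: ignore every name-related field in the request. Detect the type
// from the file contents, allow only image types, and pick a random basename.
function safe_target_name(string $tmpPath, string $dir): ?string
{
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset($allowed[$mime])) {
        return null; // not a recognised image: reject
    }
    // Nothing from the request reaches the filesystem path.
    return $dir . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

// Handler for the hardened path; $files is the $_FILES array, $dir the
// (assumed) upload directory, which should also be served without PHP handling.
function handle_upload(array $files, string $dir): bool
{
    if (!isset($files['fullimage']) || $files['fullimage']['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    $tmp = $files['fullimage']['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        return false; // only accept files PHP itself received via HTTP POST
    }
    $target = safe_target_name($tmp, $dir);
    if ($target === null) {
        return false;
    }
    return move_uploaded_file($tmp, $target);
}
```

Pair the hardened handler with the Recommendations above: serve the upload directory with PHP execution disabled so that even a file the type check misjudges is never interpreted as code.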

Related Identifiers: CVE-2006-1668

Affected Products: Crafty Syntax Image Gallery