6 matches found

NVD
added 2006/04/07 10:4 a.m., 7 views

CVE-2006-1667

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery CSIG aka PHP thumbnail Photo Gallery 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents...

CVSS 7.5, AI score 8, EPSS 0.02393
Exploits: 1, References: 8

NVD
added 2006/04/07 10:4 a.m., 6 views

CVE-2006-1668

newimage.php in Eric Gerdes Crafty Syntax Image Gallery CSIG aka PHP thumbnail Photo Gallery 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php...

CVSS 9, AI score 7.1, EPSS 0.07453
Exploits: 1, References: 8

Prion
added 2006/04/07 10:4 a.m., 7 views

SQL injection

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery CSIG aka PHP thumbnail Photo Gallery 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents...

CVSS 7.5, AI score 8.7, EPSS 0.02393
Exploits: 1, References: 8, Affected Software: 1

CVE
added 2006/04/07 10:0 a.m., 34 views

CVE-2006-1667

Summary: CVE-2006-1667 affects Eric Gerdes Crafty Syntax Image Gallery (CSIG) up to version 3.1g. The vulnerability is a SQL injection in slides.php caused when the variable $projectid is less than 1, which prevents the limitquery_s parameter from being set. This enables remote authenticated user...

CVSS 7.5, AI score 8, EPSS 0.02393
Exploits: 1, References: 8, Affected Software: 1

CVE
added 2006/04/07 10:0 a.m., 36 views

CVE-2006-1668

The CVE-2006-1668 issue affects Eric Gerdes Crafty Syntax Image Gallery (CSIG) versions 3.1g and earlier. Affected component: newimage.php handling in the application. Root cause: remote authenticated users can upload a file via multipart/form-data with a .jpg filename in the fullimage parameter ...

CVSS 9, AI score 7.2, EPSS 0.07453
Exploits: 1, References: 8, Affected Software: 1

Cvelist
added 2006/04/07 10:0 a.m., 14 views

CVE-2006-1667

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery CSIG aka PHP thumbnail Photo Gallery 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents...

AI score 8, EPSS 0.02393
Exploits: 1, References: 8