newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation16 reference(s) from NVD