Vulnerability Description
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpletter | Ajax File And Image Manager | <= 1.0 |
| Phpmyfaq | Phpmyfaq | 2.6.0 |
| Tinymce | Tinymce | <= 1.4.1 |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/18075
- http://www.phpletter.com/en/DOWNLOAD/1/
- http://www.phpmyfaq.de/advisory_2011-10-25.php
- http://www.securityfocus.com/bid/50523Exploit
- http://www.zenphoto.org/trac/ticket/2005
- http://www.exploit-db.com/exploits/18075
- http://www.phpletter.com/en/DOWNLOAD/1/
- http://www.phpmyfaq.de/advisory_2011-10-25.php
- http://www.securityfocus.com/bid/50523Exploit
- http://www.zenphoto.org/trac/ticket/2005
FAQ
What is CVE-2011-4825?
CVE-2011-4825 is a vulnerability with a CVSS score of 7.5 (HIGH). Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly o...
How severe is CVE-2011-4825?
CVE-2011-4825 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4825?
Check the references section above for vendor advisories and patch information. Affected products include: Phpletter Ajax File And Image Manager, Phpmyfaq Phpmyfaq, Tinymce Tinymce.