Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2011-4825
Last Modified: 15 Dec 2011 01:03:31
Published: 14 Dec 2011 10:57:34
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-4825

Summary

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.

Vulnerable Systems

Application

  • Phpletter Ajax File And Image Manager 0.5

  • Phpletter Ajax File And Image Manager 0.5.5

  • Phpletter Ajax File And Image Manager 0.5.7

  • Phpletter Ajax File And Image Manager 0.6

  • Phpletter Ajax File And Image Manager 0.6.12

  • Phpletter Ajax File And Image Manager 0.7.10

  • Phpletter Ajax File And Image Manager 0.7.8

  • Phpletter Ajax File And Image Manager 0.8

  • Phpletter Ajax File And Image Manager 0.8.24

  • Phpletter Ajax File And Image Manager 0.8.8

  • Phpletter Ajax File And Image Manager 0.8.9

  • Phpletter Ajax File And Image Manager 0.9

  • Phpletter Ajax File And Image Manager 1.0

  • Phpmyfaq 2.6.0

  • Phpmyfaq 2.6.1

  • Phpmyfaq 2.6.10

  • Phpmyfaq 2.6.11

  • Phpmyfaq 2.6.12

  • Phpmyfaq 2.6.13

  • Phpmyfaq 2.6.14

  • Phpmyfaq 2.6.15

  • Phpmyfaq 2.6.16

  • Phpmyfaq 2.6.17

  • Phpmyfaq 2.6.18

  • Phpmyfaq 2.6.2

  • Phpmyfaq 2.6.3

  • Phpmyfaq 2.6.4

  • Phpmyfaq 2.6.5

  • Phpmyfaq 2.6.6

  • Phpmyfaq 2.6.7

  • Phpmyfaq 2.6.8

  • Phpmyfaq 2.6.9

  • Phpmyfaq 2.7.0

  • Tinymce 1.4.1


References

CONFIRM - http://www.zenphoto.org/trac/ticket/2005

BID - 50523

CONFIRM - http://www.phpmyfaq.de/advisory_2011-10-25.php

CONFIRM - http://www.phpletter.com/en/DOWNLOAD/1/

EXPLOIT-DB - 18075


Last Updated: 27 May 2016 10:57:55