Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-5147
Last Modified: 12 Sep 2013 02:24:58
Published: 31 Aug 2012 05:55:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-5147

Summary

Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.

Vulnerable Systems

Application

  • Freewebshop 2.1
  • Freewebshop 2.2.1
  • Freewebshop 2.2.2
  • Freewebshop 2.2.3
  • Freewebshop 2.2.4
  • Freewebshop 2.2.5
  • Freewebshop 2.2.6
  • Freewebshop 2.2.7
  • Freewebshop 2.2.7 Wip1 2
  • Freewebshop 2.2.9


References

OSVDB - 77162

MISC - http://www.freewebshop.org/forum/index.php?topic=5235.0

EXPLOIT-DB - 18121


Last Updated: 27 May 2016 11:00:26