Description

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.

Remediation

References

CVE-2011-4825

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42111)

WordPress Plugin 3D Slider Slice Box Multiple Cross-Site Scripting Vulnerabilities (1.0)

WordPress Plugin SlideDeck 2 Lite Responsive Content Slider Cross-Site Scripting (2.3.18)

WebLogic CVE-2020-14622 Vulnerability (CVE-2020-14622)

WordPress Plugin Radio Buttons for Taxonomies Cross-Site Request Forgery (2.0.5)

Severity

High

Classification

CVE-2011-4825 CWE-94

Tags

Missing Update Known Vulnerabilities