Static Code Injection Vulnerability in Ajax File and Image Manager

Static Code Injection Vulnerability in Ajax File and Image Manager

CVE-2011-4825 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.

Learn more about our Web Application Penetration Testing UK.