Arbitrary PHP Code Execution via TinyMCE 3.0 Editor in Joomla!

Arbitrary PHP Code Execution via TinyMCE 3.0 Editor in Joomla!

CVE-2011-4906 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.

Learn more about our Web Application Penetration Testing UK.