Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-12-15T02:00:00Z

Updated: 2024-09-17T00:46:26.904Z

Reserved: 2011-12-14T00:00:00Z

Link: CVE-2011-4825

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-12-15T03:57:34.667

Modified: 2024-11-21T01:33:04.383

Link: CVE-2011-4825

cve-icon Redhat

No data.