Vulnerability Details : CVE-2011-4825
Public exploit exists!
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
Products affected by CVE-2011-4825
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.24:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:tinymce:tinymce:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4825
90.83%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-4825
-
Log1 CMS writeInfo() PHP Code Injection
Disclosure Date: 2011-04-11First seen: 2020-04-26exploit/multi/http/log1cms_ajax_create_folderThis module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo() allows any malicious user to have direct control of writing data to file data.php, which res
CVSS scores for CVE-2011-4825
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2011-4825
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4825
-
http://www.zenphoto.org/trac/ticket/2005
ZenphotoCMS - The simpler media website CMS
-
http://www.phpletter.com/en/DOWNLOAD/1/
Nothing found for Enhttp: Www Phpletter Com Midorimushi Suppli
-
http://www.exploit-db.com/exploits/18075
Ajax File and Image Manager 1.0 Final - Remote Code Execution - PHP webapps Exploit
-
http://www.phpmyfaq.de/advisory_2011-10-25.php
phpMyFAQ - Page not found ☹
-
http://www.securityfocus.com/bid/50523
Ajax File and Image Manager 'data.php' PHP Code Injection VulnerabilityExploit
Jump to