MidnightBSD

Advisories for phpletter

CVE-2011-4825 HIGH

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
phpletter ajax_file_and_image_manager 0.9
phpmyfaq phpmyfaq 2.6.18
phpmyfaq phpmyfaq 2.6.12
phpmyfaq phpmyfaq 2.7.0
phpletter ajax_file_and_image_manager 0.7.10
phpmyfaq phpmyfaq 2.6.4
phpmyfaq phpmyfaq 2.6.11
phpmyfaq phpmyfaq 2.6.15
tinymce tinymce *
phpmyfaq phpmyfaq 2.6.1
phpmyfaq phpmyfaq 2.6.0
phpmyfaq phpmyfaq 2.6.8
phpletter ajax_file_and_image_manager 0.8
phpletter ajax_file_and_image_manager 0.6
phpletter ajax_file_and_image_manager 0.5.7
phpmyfaq phpmyfaq 2.6.6
phpmyfaq phpmyfaq 2.6.9
phpletter ajax_file_and_image_manager 0.8.8
phpmyfaq phpmyfaq 2.6.13
phpletter ajax_file_and_image_manager *
phpmyfaq phpmyfaq 2.6.2
phpmyfaq phpmyfaq 2.6.5
phpmyfaq phpmyfaq 2.6.17
phpmyfaq phpmyfaq 2.6.10
phpletter ajax_file_and_image_manager 0.8.9
phpmyfaq phpmyfaq 2.6.7
phpletter ajax_file_and_image_manager 1.0
phpletter ajax_file_and_image_manager 0.6.12
phpmyfaq phpmyfaq 2.6.16
phpmyfaq phpmyfaq 2.6.3
phpletter ajax_file_and_image_manager 0.5.5
phpmyfaq phpmyfaq 2.6.14
phpletter ajax_file_and_image_manager 0.8.24
phpletter ajax_file_and_image_manager 0.5
phpletter ajax_file_and_image_manager 0.7.8