Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| phpmyfaq | phpmyfaq | 2.7.0 |
| phpletter | ajax_file_and_image_manager | 0.8 |
| phpmyfaq | phpmyfaq | 2.6.14 |
| phpmyfaq | phpmyfaq | 2.6.13 |
| phpmyfaq | phpmyfaq | 2.6.6 |
| phpmyfaq | phpmyfaq | 2.6.12 |
| phpmyfaq | phpmyfaq | 2.6.2 |
| phpmyfaq | phpmyfaq | 2.6.11 |
| phpmyfaq | phpmyfaq | 2.6.9 |
| phpletter | ajax_file_and_image_manager | 0.8.24 |
| phpmyfaq | phpmyfaq | 2.6.8 |
| phpletter | ajax_file_and_image_manager | 0.9 |
| phpletter | ajax_file_and_image_manager | 0.6.12 |
| phpmyfaq | phpmyfaq | 2.6.3 |
| phpletter | ajax_file_and_image_manager | 1.0 |
| phpmyfaq | phpmyfaq | 2.6.17 |
| phpletter | ajax_file_and_image_manager | 0.7.10 |
| phpletter | ajax_file_and_image_manager | 0.6 |
| phpmyfaq | phpmyfaq | 2.6.0 |
| phpmyfaq | phpmyfaq | 2.6.4 |
| phpmyfaq | phpmyfaq | 2.6.16 |
| phpmyfaq | phpmyfaq | 2.6.15 |
| phpletter | ajax_file_and_image_manager | 0.8.8 |
| phpmyfaq | phpmyfaq | 2.6.5 |
| phpmyfaq | phpmyfaq | 2.6.7 |
| phpletter | ajax_file_and_image_manager | 0.7.8 |
| phpletter | ajax_file_and_image_manager | 0.5 |
| phpletter | ajax_file_and_image_manager | 0.5.7 |
| phpmyfaq | phpmyfaq | 2.6.1 |
| phpletter | ajax_file_and_image_manager | 0.8.9 |
| phpletter | ajax_file_and_image_manager | * |
| tinymce | tinymce | * |
| phpmyfaq | phpmyfaq | 2.6.18 |
| phpletter | ajax_file_and_image_manager | 0.5.5 |
| phpmyfaq | phpmyfaq | 2.6.10 |
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| moodle | moodle | 2.2.0 |
| moodle | moodle | 2.1.8 |
| moodle | moodle | 2.2.5 |
| tinymce | spellchecker_php | 2.0.1 |
| tinymce | spellchecker_php | 2.0.2 |
| moodle | moodle | 2.1.0 |
| moodle | moodle | 2.1.6 |
| tinymce | spellchecker_php | 2.0 |
| moodle | moodle | 2.2.3 |
| moodle | moodle | 2.3.2 |
| tinymce | spellchecker_php | 2.0.6 |
| moodle | moodle | 2.1.9 |
| moodle | moodle | 2.1.5 |
| moodle | moodle | 2.4.0 |
| moodle | moodle | 2.1.3 |
| moodle | moodle | 2.2.1 |
| moodle | moodle | 2.2.6 |
| moodle | moodle | 2.1.1 |
| moodle | moodle | 2.1.7 |
| tinymce | spellchecker_php | 2.0.3 |
| moodle | moodle | 2.1.2 |
| moodle | moodle | 2.2.2 |
| moodle | moodle | 2.3.0 |
| moodle | moodle | 2.3.1 |
| moodle | moodle | 2.3.3 |
| moodle | moodle | 2.1.4 |
| moodle | moodle | 2.2.4 |
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wordpress | wordpress | 2.8.3 |
| wordpress | wordpress | 1.2.5 |
| tinymce | media | - |
| wordpress | wordpress | 1.5.1.3 |
| wordpress | wordpress | 2.8.2 |
| wordpress | wordpress | 2.9.2 |
| wordpress | wordpress | 2.1.1 |
| wordpress | wordpress | 1.5.1.1 |
| wordpress | wordpress | 2.9 |
| wordpress | wordpress | 3.4.2 |
| wordpress | wordpress | 3.3.3 |
| wordpress | wordpress | 3.5.0 |
| wordpress | wordpress | 1.0.2 |
| wordpress | wordpress | 2.2.2 |
| wordpress | wordpress | 2.6.3 |
| wordpress | wordpress | 2.5 |
| wordpress | wordpress | 2.0.6 |
| wordpress | wordpress | 2.0.8 |
| wordpress | wordpress | 1.3 |
| wordpress | wordpress | 2.9.1.1 |
| wordpress | wordpress | 2.8.4 |
| wordpress | wordpress | 2.3 |
| wordpress | wordpress | 2.3.2 |
| wordpress | wordpress | 2.0 |
| wordpress | wordpress | 2.1.2 |
| wordpress | wordpress | 3.4.1 |
| wordpress | wordpress | 2.0.2 |
| wordpress | wordpress | 1.2.2 |
| wordpress | wordpress | 1.3.2 |
| wordpress | wordpress | 2.3.1 |
| wordpress | wordpress | 1.2.3 |
| wordpress | wordpress | 2.7 |
| wordpress | wordpress | 2.8 |
| wordpress | wordpress | 2.0.4 |
| wordpress | wordpress | 2.8.5 |
| wordpress | wordpress | 2.8.1 |
| wordpress | wordpress | 1.2.4 |
| wordpress | wordpress | 3.4.0 |
| wordpress | wordpress | 1.2.1 |
| wordpress | wordpress | 2.1.3 |
| wordpress | wordpress | 2.2 |
| wordpress | wordpress | 1.5 |
| wordpress | wordpress | 3.3.2 |
| wordpress | wordpress | 2.5.1 |
| wordpress | wordpress | 2.0.1 |
| wordpress | wordpress | 1.5.1.2 |
| wordpress | wordpress | 2.0.11 |
| wordpress | wordpress | 2.3.3 |
| wordpress | wordpress | 2.8.6 |
| wordpress | wordpress | 1.1.1 |
| wordpress | wordpress | 2.6.1 |
| wordpress | wordpress | 2.6 |
| wordpress | wordpress | 2.0.5 |
| wordpress | wordpress | 1.0.1 |
| wordpress | wordpress | 2.8.5.2 |
| wordpress | wordpress | 1.5.2 |
| wordpress | wordpress | 2.7.1 |
| wordpress | wordpress | 2.2.1 |
| wordpress | wordpress | * |
| wordpress | wordpress | 1.6.2 |
| wordpress | wordpress | 1.2 |
| wordpress | wordpress | 2.6.5 |
| wordpress | wordpress | 0.71 |
| wordpress | wordpress | 2.2.3 |
| wordpress | wordpress | 2.0.10 |
| wordpress | wordpress | 2.0.9 |
| wordpress | wordpress | 2.9.1 |
| wordpress | wordpress | 1.3.3 |
| wordpress | wordpress | 2.1 |
| wordpress | wordpress | 1.0 |
| wordpress | wordpress | 3.3 |
| wordpress | wordpress | 2.8.5.1 |
| wordpress | wordpress | 1.5.1 |
| wordpress | wordpress | 2.6.2 |
| wordpress | wordpress | 3.3.1 |
| wordpress | wordpress | 2.0.7 |
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tinymce | color_picker | * |
Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tinymce | color_picker | * |