RCE in Phpletter Ajax_file_and_image_manager

CVE-2011-4825

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.830 (99.3rd percentile)

Frequently asked questions

What is CVE-2011-4825?
CVE-2011-4825 is a vulnerability in Phpletter Ajax_file_and_image_manager, classified under Code Injection. It was published on 2011-12-15.

Is CVE-2011-4825 known to be exploited?
Two public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.