VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Dec 15, 2011· Updated Apr 29, 2026

CVE-2011-4825

CVE-2011-4825

Description

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.

Affected products

41
  • Phpletter/Ajax File And Image Manager20 versions
    cpe:2.3:a:phpletter:ajax_file_and_image_manager:*:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:*:*:*:*:*:*:*:*range: <=1.0
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.24:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.9:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc5:*:*:*:*:*:*
  • PhpMyAdmin/Phpmyfaq20 versions
    cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.15:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.16:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.17:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.18:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.9:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.0:*:*:*:*:*:*:*
  • Tinymce/Tinymce
    cpe:2.3:a:tinymce:tinymce:*:*:*:*:*:*:*:*
    Range: <=1.4.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.