CVE-2011-4825

Phpletter Ajax File And Image Manager < 1.0 - Code Injection

Description

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.

Exploits (7)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · php
https://www.exploit-db.com/exploits/18975

exploitdb WORKING POC VERIFIED
by EgiX · php · webapps · php
https://www.exploit-db.com/exploits/18083

exploitdb WORKING POC VERIFIED
by EgiX · php · webapps · php
https://www.exploit-db.com/exploits/18084

exploitdb WORKING POC VERIFIED
by EgiX · php · webapps · php
https://www.exploit-db.com/exploits/18085

exploitdb WRITEUP VERIFIED
by EgiX · text · webapps · php
https://www.exploit-db.com/exploits/18075

exploitdb WORKING POC
by Adel SBM · php · webapps · php
https://www.exploit-db.com/exploits/18151

metasploit WORKING POC EXCELLENT
by EgiX, Adel SBM, sinn3r · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/log1cms_ajax_create_folder.rb

Scores

EPSS 0.8304
EPSS Percentile 99.3%

Details

CWE CWE-94
Status published
Products (35)
phpletter/ajax_file_and_image_manager 0.5
phpletter/ajax_file_and_image_manager 0.5.5
phpletter/ajax_file_and_image_manager 0.5.7
phpletter/ajax_file_and_image_manager 0.6
phpletter/ajax_file_and_image_manager 0.6.12
phpletter/ajax_file_and_image_manager 0.7.8
phpletter/ajax_file_and_image_manager 0.7.10
phpletter/ajax_file_and_image_manager 0.8
phpletter/ajax_file_and_image_manager 0.8.8
phpletter/ajax_file_and_image_manager 0.8.9
... and 25 more
Published Dec 15, 2011
Tracked Since Feb 18, 2026