|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-04-02 | |
| Rule Name: | Log1 CMS writeInfo PHP Code Injection Vulnerability (CVE-2011-4825) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ExploitDB:18075 SecurityFocusBID:50523 http://www.phpletter.com/en/DOWNLOAD/1/ http://www.phpmyfaq.de/advisory_2011-10-25.php |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: http://log1cms.sourceforge.net/ |