Vulnerabilities > Phpletter

DATE CVE VULNERABILITY TITLE RISK
2011-12-15 CVE-2011-4825 Code Injection vulnerability in multiple products
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
network
low complexity
phpletter phpmyfaq tinymce CWE-94
7.5