Candidate: CVE-2011-4825
PublicDate: 2011-12-15 03:57:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4825
Description:
 Static code injection vulnerability in inc/function.base.php in Ajax File
 and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6
 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows
 remote attackers to inject arbitrary PHP code into data.php via crafted
 parameters.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_tinymce:
upstream_tinymce: needs-triage
hardy_tinymce: not-affected (code-not-present)
lucid_tinymce: not-affected (code-not-present)
maverick_tinymce: not-affected (code-not-present)
natty_tinymce: not-affected (code-not-present)
oneiric_tinymce: not-affected (code-not-present)
devel_tinymce: not-affected (code-not-present)

Patches_tinymce2:
upstream_tinymce2: needs-triage
hardy_tinymce2: DNE
lucid_tinymce2: not-affected (code-not-present)
maverick_tinymce2: not-affected (code-not-present)
natty_tinymce2: not-affected (code-not-present)
oneiric_tinymce2: not-affected (code-not-present)
devel_tinymce2: not-affected (code-not-present)