Back to search
CVE-2011-5147
Published: Aug 31, 2012
Modified: Sep 17, 2024
PUBLISHED
Description
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
18121
exploit
x_refsource_EXPLOIT-DB
77162
vdb-entry
x_refsource_OSVDB
http://www.freewebshop.org/forum/index.php?topic=5235.0
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now