CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.9%
Static code injection vulnerability in inc/function.base.php in Ajax File
and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6
before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows
remote attackers to inject arbitrary PHP code into data.php via crafted
parameters.