CVE-2011-4906
Published: 2020-02-12
CVE-2011-4906: Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.
Priority P2 67 · Critical 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available (see references)
EPSS: 9.58% (94.9th percentile)
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla! | tiny_browser_included_with_tinymce_3.0 | — | — |
| tiny | tinybrowser | < 1.5.13 | 1.5.13 |
Detection & IOCs (extracted from sources)
- The vulnerability allows arbitrary file upload via the TinyMCE Tiny Browser component in Joomla! before 1.5.13, resulting in remote PHP code execution. Monitor for unexpected PHP file uploads through the TinyMCE editor endpoint.
- Exploit code uses raw TCP socket connections (fsockopen) to interact with the target Joomla host and port, crafting HTTP requests manually to abuse the TinyMCE upload endpoint. Detect anomalous multipart file upload requests to TinyMCE-related paths on Joomla installations.
- Outdated/third-party deployments of TinyMCE may still be vulnerable. Audit all TinyMCE integrations for version 3.0 and below, including those embedded in marketing or CMS platforms.
- The vulnerability is specific to Joomla! versions before 1.5.13 using TinyMCE 3.0's Tiny Browser component. Upgraded or patched installations are not affected.
CVSS provenance
- NVD v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
References
- https://developer.joomla.org/security/news/301-20090722-core-file-upload.html
- https://www.exploit-db.com/exploits/10183
- https://www.openwall.com/lists/oss-security/2011/12/25/7