CVE-2011-4908
Published 2020-02-12
CVE-2011-4908: TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
Priority: P1 80 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 55.77% (98.9th percentile)
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla! | tinybrowser_plugin | — | — |
| joomla! | tinybrowser_plugin | — | — |
| tiny | tinybrowser | < 1.5.13 | 1.5.13 |
Detection & IOCs (extracted from sources)
- Detect exploit check requests: HTTP GET to the tinybrowser upload.php path with query parameters type=file&folder= that returns a response body containing 'flexupload.swf' indicates a vulnerable instance.
- Alert on unauthenticated access to the tinybrowser directory path jscripts/tiny_mce/plugins/tinybrowser from external sources; the directory is accessible without authentication by default.
- Monitor for arbitrary folder creation via tinybrowser.php: HTTP GET requests to tinybrowser.php?type=image&folder=<arbitrary_name> that result in new directory creation under useruploads/images/.
- Detect successful file upload exploitation by monitoring HTTP GET requests to /images/stories/*.php following prior POST activity to the tinybrowser upload endpoints.
- The tinybrowser config ships with an unrestricted file upload size (maxsize=0) and a prohibited extensions list that can be bypassed via double-extension tricks (e.g., .ph.p). Verify your config_tinybrowser.php enforces strict extension and size controls.
- The plugin lacks CSRF protection on all major file/folder operations (create, delete, rename), making it trivially exploitable via cross-site request forgery even if authentication is added.
- GET/POST variables in upload.php (goodfiles, badfiles, dupfiles) are unsanitized and reflected, enabling XSS. Input validation must be applied to all tinybrowser endpoints.
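As an added example (not code from the page's sources or from the plugin), the four request-based indicators above applied in Python to a few constructed proxy-log records. The Joomla path prefix, the `auth` field and the same-source correlation used for the last rule are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

TB_DIR = "jscripts/tiny_mce/plugins/tinybrowser"  # plugin directory named in the IOC list

# Constructed sample events (not real traffic), in the shape a reverse proxy or WAF log
# provides: one record per request, with the response body where the proxy captured it.
# The "/plugins/editors/tinymce/" prefix is an assumed Joomla install layout.
EVENTS = [
    {"src": "203.0.113.7", "method": "GET", "auth": False, "body": "<embed src=flexupload.swf>",
     "url": "/plugins/editors/tinymce/" + TB_DIR + "/upload.php?type=file&folder="},
    {"src": "203.0.113.7", "method": "GET", "auth": False, "body": "",
     "url": "/plugins/editors/tinymce/" + TB_DIR + "/tinybrowser.php?type=image&folder=x1"},
    {"src": "203.0.113.7", "method": "POST", "auth": False, "body": "",
     "url": "/plugins/editors/tinymce/" + TB_DIR + "/upload.php?type=image&folder=x1"},
    {"src": "203.0.113.7", "method": "GET", "auth": False, "body": "",
     "url": "/images/stories/shell.php"},
    {"src": "198.51.100.9", "method": "GET", "auth": True, "body": "", "url": "/index.php"},
]

def detect(events):
    """Apply the four request-based indicators, in event order.
    Returns (rule, src, path) tuples; `auth` is whether the request carried a valid session."""
    alerts = []
    posted_upload = set()  # sources already seen POSTing to a tinybrowser upload endpoint
    for ev in events:
        parts = urlsplit(ev["url"])
        path, qs, src = parts.path, parse_qs(parts.query, keep_blank_values=True), ev["src"]
        in_tb = TB_DIR in path
        if in_tb and not ev.get("auth", False):
            alerts.append(("unauthenticated-tinybrowser-access", src, path))
        if (in_tb and path.endswith("/upload.php") and ev["method"] == "GET"
                and qs.get("type") == ["file"] and "folder" in qs
                and "flexupload.swf" in ev.get("body", "")):
            alerts.append(("exploit-check-probe", src, path))
        if (in_tb and path.endswith("/tinybrowser.php") and ev["method"] == "GET"
                and qs.get("type") == ["image"] and qs.get("folder", [""])[0]):
            alerts.append(("arbitrary-folder-create", src, path))
        if in_tb and path.endswith("/upload.php") and ev["method"] == "POST":
            posted_upload.add(src)
        # Assumption: correlate the PHP fetch with a prior POST from the same source address.
        if (path.startswith("/images/stories/") and path.endswith(".php")
                and ev["method"] == "GET" and src in posted_upload):
            alerts.append(("uploaded-php-executed", src, path))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

Note that the first rule needs the response body, so it only fires where the log source captures bodies; the other three work from request lines alone.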
CVSS provenance
NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD v2.0: 10.0 CRITICAL (AV:N/AC:L/Au:N/C:C/I:C/A:C)
No detection rules found.
Exploit-DB: TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities (exploitdb · 2009-07-28)
---
TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities
Discovered by
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure
Advisory URL:
http://yehg.net/lab/pr0js/advisories/tinybrowser_1416_multiple_vulnerabilities
Date published: 2009-07-27
Severity: High
Vulnerability Class: Abuse of Functionality
Affected Products:
- TinyMCE editor with TinyBrowser plugin
- Any web sites/web applications that use TinyMCE editor with TinyBrowser plugin
Author: Bryn Jones (http://www.lunarvis.com)
Author Contacted: Yes
Reply: No reply
Product Overview
TinyBrowser is a plugin of TinyMCE JavaScript editor that acts as
file browser to view, upload, delete, renam
Exploit-DB: Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Execution (exploitdb · 2009-07-22)
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Joomla 1.5.12 TinyBrowser File Upload Code Execution',
      'Description' => %q{
        This module exploits a vulnerability in the TinyMCE/tinybrowser plugin.
        This plugin is not secured in version 1.5.12 of joomla and allows the upload
        of files on the remote server.
        By renaming the uploaded file this vulnerability can be used to upload/execute
        code on the affected system.
      },
      'Author'      => [ 'spinbad ' ],
      'License'     => MSF_LICENSE,
      'Vers
```
Metasploit: Joomla 1.5.12 TinyBrowser File Upload Code Execution
This module exploits a vulnerability in the TinyMCE/tinybrowser plugin. This plugin is not secured in version 1.5.12 of joomla and allows the upload of files on the remote server. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.
No writeups or analysis indexed.
Sources:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2011-4908
https://www.exploit-db.com/exploits/9926
https://www.openwall.com/lists/oss-security/2011/12/25/7