Description

Multiple vendor applications utilize the TinyMCE script. TinyMCE is a platform independent web based Javascript HTML WYSIWYG editor control. This plugin includes a file './plugins/ajaxfilemanager/ajax_create_folder.php' that is vulnerable to remote PHP code execution. The writeInfo() function simply writes all the $_POST content into a file called 'data.php' so an attacker can execute arbitrary PHP code.

Remediation

Upgrade TinyMCE script to the latest version or delete the ajax_create_folder.php if you don't use the AJAX file manager functionality.

References

Related Vulnerabilities