CVE Vulnerabilities

CVE-2006-6690

Published: Dec 21, 2006 | Modified: Oct 17, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.

Affected Software

Name Vendor Start Version End Version
Typo3 Typo3 3.7.0 (including) 3.7.0 (including)
Typo3 Typo3 3.8 (including) 3.8 (including)
Typo3 Typo3 4.0 (including) 4.0 (including)
Typo3 Typo3 4.0.1 (including) 4.0.1 (including)
Typo3 Typo3 4.0.2 (including) 4.0.2 (including)
Typo3 Typo3 4.0.3 (including) 4.0.3 (including)

References