rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-21T21:00:00

Updated: 2024-08-07T20:33:59.962Z

Reserved: 2006-12-21T00:00:00

Link: CVE-2006-6690

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-12-21T21:28:00.000

Modified: 2024-11-21T00:23:24.967

Link: CVE-2006-6690

cve-icon Redhat

No data.