Vulnerability Description
aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable).
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dtlink | Areaedit | <= 0.4.2 |
References
- http://secunia.com/advisories/16511PatchVendor Advisory
- http://www.formvista.com/forum.html?COMP=forum&cmd=view_thread&%28fvs%29cs_forum
- http://www.formvista.com/otherprojects/areaeditPatch
- http://secunia.com/advisories/16511PatchVendor Advisory
- http://www.formvista.com/forum.html?COMP=forum&cmd=view_thread&%28fvs%29cs_forum
- http://www.formvista.com/otherprojects/areaeditPatch
FAQ
What is CVE-2005-2682?
CVE-2005-2682 is a vulnerability with a CVSS score of 7.5 (HIGH). aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang var...
How severe is CVE-2005-2682?
CVE-2005-2682 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2682?
Check the references section above for vendor advisories and patch information. Affected products include: Dtlink Areaedit.