CVE-2006-6690

Vulnerability Description

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.

CVSS Score

Affected Products

References

• http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.htmlVendor Advisory
• http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.htmlVendor Advisory
• http://secunia.com/advisories/23446PatchVendor Advisory
• http://secunia.com/advisories/23466PatchVendor Advisory
• http://securityreason.com/securityalert/2056
• http://securitytracker.com/id?1017428ExploitPatch
• http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a
• http://www.sec-consult.com/272.htmlExploit
• http://www.securityfocus.com/archive/1/454944/100/0/threaded
• http://www.securityfocus.com/bid/21680ExploitPatch
• http://www.vupen.com/english/advisories/2006/5094
• http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.htmlVendor Advisory
• http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.htmlVendor Advisory
• http://secunia.com/advisories/23446PatchVendor Advisory
• http://secunia.com/advisories/23466PatchVendor Advisory