CVE-2006-6690
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/29300 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html
http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html
http://secunia.com/advisories/23446
http://secunia.com/advisories/23466
http://securityreason.com/securityalert/2056
http://securitytracker.com/id?1017428
http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
http://www.sec-consult.com/272.html
http://www.securityfocus.com/archive/1/454944/100/0/threaded
http://www.securityfocus.com/bid/21680
http://www.vupen.com/english/advisories/2006/5094