← voltar
CVE-2006-6690

CVE-2006-6690

EPSS 6.0%
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/29300não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.htmlhttp://lists.netfielders.de/pipermail/typo3-announce/2006/000046.htmlhttp://secunia.com/advisories/23446http://secunia.com/advisories/23466http://securityreason.com/securityalert/2056http://securitytracker.com/id?1017428http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9http://www.sec-consult.com/272.htmlhttp://www.securityfocus.com/archive/1/454944/100/0/threadedhttp://www.securityfocus.com/bid/21680http://www.vupen.com/english/advisories/2006/5094