aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable).
Software | From | Fixed in |
---|---|---|
dtlink / areaedit | - | 0.4.2.x |