Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2006-6690

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.

  • Published: Dec 21, 2006
  • Updated: Apr 13, 2023
  • CVE: CVE-2006-6690
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
typo3 / typo3 4.0.3 4.0.3.x
typo3 / typo3 4.0.1 4.0.1.x
typo3 / typo3 4.0.2 4.0.2.x
typo3 / typo3 4.0 4.0.x
typo3 / typo3 3.7.0 3.7.0.x
typo3 / typo3 3.8 3.8.x