CVE-2006-6678

2006-12-20T20:28:00
ID CVE-2006-6678
Type cve
Reporter NVD
Modified 2011-03-07T21:46:46

Description

The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.