CVE-2006-6678

2006-12-21T01:28:00
ID CVE-2006-6678
Type cve
Reporter cve@mitre.org
Modified 2011-03-08T02:46:00

Description

The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.