CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.6%
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
Vendor | Product | Version | CPE |
---|---|---|---|
typo3 | typo3 | 3.7.0 | cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:* |
typo3 | typo3 | 3.8 | cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:* |
typo3 | typo3 | 4.0 | cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:* |
typo3 | typo3 | 4.0.1 | cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:* |
typo3 | typo3 | 4.0.2 | cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:* |
typo3 | typo3 | 4.0.3 | cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:* |
lists.netfielders.de/pipermail/typo3-announce/2006/000045.html
lists.netfielders.de/pipermail/typo3-announce/2006/000046.html
secunia.com/advisories/23446
secunia.com/advisories/23466
securityreason.com/securityalert/2056
securitytracker.com/id?1017428
typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
www.sec-consult.com/272.html
www.securityfocus.com/archive/1/454944/100/0/threaded
www.securityfocus.com/bid/21680
www.vupen.com/english/advisories/2006/5094