CVE-2006-6690

🗓️ 21 Dec 2006 21:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

Typo3 4.0.0-4.0.3, 3.7-3.8 with rtehtmlarea extension allows remote authenticated users to execute arbitrary commands via shell metacharacters.

Reporter	Title	Published	Views	Family All 4
Cvelist	CVE-2006-6690	21 Dec 200621:00	–	cvelist
NVD	CVE-2006-6690	21 Dec 200621:28	–	nvd
OpenVAS	TYPO3 userUid Command Execution Vulnerability	9 Jan 201400:00	–	openvas
Tenable Nessus	TYPO3 'spell-check-logic.php' 'userUid' Parameter Arbitrary Command Execution	21 Dec 200600:00	–	nessus

NVD

Node

typo3 typo3Match3.7.0

typo3 typo3Match4.0.1

typo3 typo3Match4.0.2

typo3 typo3Match4.0.3

Source	Link
lists	www.lists.netfielders.de/pipermail/typo3-announce/2006/000046.html
vupen	www.vupen.com/english/advisories/2006/5094
securityfocus	www.securityfocus.com/bid/21680
lists	www.lists.netfielders.de/pipermail/typo3-announce/2006/000045.html
securityfocus	www.securityfocus.com/archive/1/454944/100/0/threaded
securitytracker	www.securitytracker.com/id
securityreason	www.securityreason.com/securityalert/2056
sec-consult	www.sec-consult.com/272.html
secunia	www.secunia.com/advisories/23446
typo3	www.typo3.org/news-single-view/

Parameter	Position	Path	Description	CWE
userUid	query param	rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php	Remote authenticated users can execute arbitrary commands via shell metacharacters in the userUid parameter.	CWE-77

23 Apr 2026 00:35Current

7.4High risk

Vulners AI Score7.4

CVSS 27.5

EPSS0.21035