3 matches found
CVE-2006-6690
rtehtmlarea/pi1/class.txrtehtmlareapi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to...
CVE-2006-6690
CVE-2006-6690 affects TYPO3 with the rtehtmlarea extension (Typo3 4.0.0–4.0.3, 3.7–3.8, and 4.1 beta). The issue allows remote command execution via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php (reported as a vulnerability enabli...
TYPO3 'spell-check-logic.php' 'userUid' Parameter Arbitrary Command Execution
The remote host is running TYPO3, an open source content management system written in PHP. The version of TYPO3 installed on the remote host fails to sanitize user-supplied input to the 'userUid' parameter before using it in the 'spell-check-logic.php' script to execute a command. An...