TYPO3 userUid Command Execution Vulnerability

TYPO3 is prone to a command execution vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...

CVE-2006-6690

CVE-2006-6690 affects TYPO3 with the rtehtmlarea extension (Typo3 4.0.0–4.0.3, 3.7–3.8, and 4.1 beta). The issue allows remote command execution via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php (reported as a vulnerability enabli...

Typo3 3.7/3.8/4.0 - 'Class.TX_RTEHTMLArea_PI1.php' Multiple Remote Command Execution Vulnerabilities

source: https://www.securityfocus.com/bid/21680/info TYPO3 is prone to multiple vulnerabilities that allow attackers to execute arbitrary commands. This issue occurs because the application fails to properly sanitize user-supplied data. Exploiting these issues allows unauthenticated attackers to...

[Full-disclosure] SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability

SEC-CONSULT Security Advisory 20061220-0 ======================================================================= title: Remote Command Execution in Typo3 program: Typo3 Content Management System vulnerable version: 4.0.0 - 4.0.3 3.7 and 3.8 with rtehtmlarea extension 4.1beta impact: critical...

Remote Command Execution

A critical problem has been discovered in plugin class.txrtehtmlareapi1.php that is used for spell-checking in the rtehtmlarea extension. Component Type: System Extension TYPO3 Versions 4.0-4.0.3, 4.1beta Third Party Extension TYPO3 Versions up to 3.8.1. Since TYPO3 Version 4.0 the extension is...