7.5
CVE-2006-6690
- EPSS 5.98%
- Veröffentlicht 21.12.2006 21:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.98% | 0.924 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html
http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html
http://secunia.com/advisories/23446
http://secunia.com/advisories/23466
http://securityreason.com/securityalert/2056
http://securitytracker.com/id?1017428
http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
http://www.sec-consult.com/272.html
http://www.securityfocus.com/archive/1/454944/100/0/threaded
http://www.securityfocus.com/bid/21680
http://www.vupen.com/english/advisories/2006/5094