7.5

CVE-2006-6690

Exploit

EPSS 17.11%
Veröffentlicht 21.12.2006 21:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typo3 ≫ Typo3 Version3.7.0

Typo3 ≫ Typo3 Version3.8

Typo3 ≫ Typo3 Version4.0

Typo3 ≫ Typo3 Version4.0.1

Typo3 ≫ Typo3 Version4.0.2

Typo3 ≫ Typo3 Version4.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	17.11%	0.947

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html

Vendor Advisory

http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html

Vendor Advisory

http://secunia.com/advisories/23446

Patch

Vendor Advisory

http://secunia.com/advisories/23466

Patch

Vendor Advisory

http://securityreason.com/securityalert/2056

http://securitytracker.com/id?1017428

Patch

Exploit

http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9

http://www.sec-consult.com/272.html

Exploit

http://www.securityfocus.com/archive/1/454944/100/0/threaded

http://www.securityfocus.com/bid/21680

Patch

Exploit

http://www.vupen.com/english/advisories/2006/5094

https://nvd.nist.gov/vuln/detail/CVE-2006-6690

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6690

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6690

EUVD