mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
807 B
807 B
CVE-2006-6690
Description
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
POC
Reference
Github
No PoCs found on GitHub currently.