VYPR
Unrated severityNVD Advisory· Published Dec 21, 2006· Updated Jun 16, 2026

CVE-2006-6690

CVE-2006-6690

Description

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • TYPO3/Typo37 versions
    cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
    • (no CPE)range: <=4.0.3, 4.1 beta

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.