Unrated severityNVD Advisory· Published Dec 21, 2006· Updated Apr 23, 2026
CVE-2006-6690
CVE-2006-6690
Description
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
Affected products
6cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- secunia.com/advisories/23446nvdPatchVendor Advisory
- secunia.com/advisories/23466nvdPatchVendor Advisory
- securitytracker.com/idnvdExploitPatch
- www.sec-consult.com/272.htmlnvdExploit
- www.securityfocus.com/bid/21680nvdExploitPatch
- lists.netfielders.de/pipermail/typo3-announce/2006/000045.htmlnvdVendor Advisory
- lists.netfielders.de/pipermail/typo3-announce/2006/000046.htmlnvdVendor Advisory
- securityreason.com/securityalert/2056nvd
- typo3.org/news-single-view/nvd
- www.securityfocus.com/archive/1/454944/100/0/threadednvd
- www.vupen.com/english/advisories/2006/5094nvd
News mentions
0No linked articles in our index yet.