Unrated severityNVD Advisory· Published Dec 21, 2006· Updated Jun 16, 2026
CVE-2006-6690
CVE-2006-6690
Description
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
- (no CPE)range: <=4.0.3, 4.1 beta
Patches
Vulnerability mechanics
References
11- secunia.com/advisories/23446nvdPatchVendor Advisory
- secunia.com/advisories/23466nvdPatchVendor Advisory
- securitytracker.com/idnvdExploitPatch
- www.sec-consult.com/272.htmlnvdExploit
- www.securityfocus.com/bid/21680nvdExploitPatch
- lists.netfielders.de/pipermail/typo3-announce/2006/000045.htmlnvdVendor Advisory
- lists.netfielders.de/pipermail/typo3-announce/2006/000046.htmlnvdVendor Advisory
- securityreason.com/securityalert/2056nvd
- typo3.org/news-single-view/nvd
- www.securityfocus.com/archive/1/454944/100/0/threadednvd
- www.vupen.com/english/advisories/2006/5094nvd
News mentions
0No linked articles in our index yet.