CVE-2006-6690

N/A Unknown

Published: December 21, 2006 Modified: April 23, 2026

Description

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html

Source: cve@mitre.org

Vendor Advisory

http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/23446

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/23466

Source: cve@mitre.org

Patch Vendor Advisory

http://securityreason.com/securityalert/2056

Source: cve@mitre.org

http://securitytracker.com/id?1017428

Source: cve@mitre.org

Exploit Patch

http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9

Source: cve@mitre.org

http://www.sec-consult.com/272.html

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/454944/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/21680

Source: cve@mitre.org

Exploit Patch

http://www.vupen.com/english/advisories/2006/5094

Source: cve@mitre.org

http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/23446

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://secunia.com/advisories/23466

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://securityreason.com/securityalert/2056

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1017428

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.sec-consult.com/272.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/454944/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/21680

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

http://www.vupen.com/english/advisories/2006/5094

Source: af854a3a-2127-422b-91ae-364da2661108

22 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

21.6%

96th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

typo3