Summary
This host is installed with TYPO3 and is prone to command execution vlnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitary commands.
Impact Level: System/Application
Solution
Upgrade to TYPO3 version 4.0.4 or later,
For updates,
http://typo3.org/
Insight
An error exists in the rtehtmlarea extension, which fails to properly validate user supplied input to "userUid" parameter
Affected
TYPO3 version before 4.0.3
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2006-6690 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AdPeeps 'index.php' Multiple Vulnerabilities.
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Arkeia Appliance Multiple Vulnerabilities
- Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability