Description
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
Remediation
References
Related Vulnerabilities
WordPress Plugin Acurax On Click Pop Under Multiple Unspecified Vulnerabilities (2.2.1)
PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15080)
Oracle Database Server Other Vulnerability (CVE-2005-3444)
MySQL CVE-2024-21198 Vulnerability (CVE-2024-21198)
WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.49)