Summary
This host is installed with TYPO3 and is prone to command execution vlnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitary commands.
Impact Level: System/Application
Solution
Upgrade to TYPO3 version 4.0.4 or later,
For updates,
http://typo3.org/
Insight
An error exists in the rtehtmlarea extension, which fails to properly validate user supplied input to "userUid" parameter
Affected
TYPO3 version before 4.0.3
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2006-6690 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
- ATutor password reminder SQL injection
- AjaXplorer zoho plugin Directory Traversal Vulnerability
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability