Description
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
Remediation
References