aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit prior to 0.4.3 allows remote malicious users to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dtlink areaedit |