phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions prior to 1.6.003; and EPL 9.1 prior to 9.1.20100309 and 9.2 prior to 9.2.20100309; allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
egroupware egroupware 1.6.001\\+.002 |
||
egroupware egroupware 1.6.001 |
||
egroupware egroupware 9.1 |
||
egroupware egroupware 1.6.002 |
||
egroupware egroupware 1.4.001 |
||
egroupware egroupware 1.4.002 |
||
egroupware egroupware 9.2 |
||
egroupware egroupware 1.4.001\\+.002 |