{"id":"CVE-2006-6678","details":"The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.","modified":"2026-01-27T04:07:37.073985Z","published":"2006-12-21T01:28:00Z","withdrawn":"2026-01-27T04:07:37.073985Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/23822"},{"type":"ADVISORY","url":"http://www.debian.org/security/2007/dsa-1251"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/5092"},{"type":"FIX","url":"http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183"},{"type":"WEB","url":"http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4"},{"type":"WEB","url":"http://www.securityfocus.com/bid/22158"}],"schema_version":"1.7.3"}