CVE-2006-5258

critical

Description

The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked.

References

http://www.vupen.com/english/advisories/2006/4061

http://www.vupen.com/english/advisories/2006/4060

http://www.vupen.com/english/advisories/2006/4004

http://www.securityfocus.com/bid/20544

http://wcm.asbrusoft.com/page.php/id=791

http://secunia.com/advisories/22472

http://secunia.com/advisories/22353

http://secunia.com/advisories/22344

http://editor.asbrusoft.com/page.php/id=727

http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0306.html

Details

Source: Mitre, NVD

Published: 2006-10-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01298