[Original text] aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable).
AreaEdit SpellChecker lang Variable Arbitrary Code Execution
Remote / Network Access
Loss of Integrity
AreaEdit contains a flaw that may allow a remote attacker to execute arbitrary commands on the web server. The issue is triggered when aspell_setup.php in the SpellChecker plugin does not properly sanitize user input supplied in the 'lang' variable (the dictionary parameter) before it is passed to a shell command; shell metacharacters in that value are interpreted by the shell. Successful exploitation results in arbitrary code execution as the web server user, with a corresponding loss of confidentiality, integrity, and/or availability.
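The following is an added illustration of the bug class described above, not AreaEdit's own code: a constructed stand-in shows a dictionary name interpolated unquoted into an aspell command line, next to a hardened version that allowlists the name and quotes it. The function names, the allowlist pattern, and the sample inputs are all assumptions made for the example.

```php
<?php
// Added example, not code from AreaEdit. It demonstrates the pattern the
// advisory describes: a request parameter reaching a shell command unescaped.

// Constructed stand-in for the flaw. The dictionary/language name is dropped
// into the command line verbatim, so metacharacters such as ";", "|", "`"
// and "$(...)" in it are interpreted by the shell when the string is run.
function build_aspell_cmd_vulnerable(string $lang): string
{
    return "aspell -a --lang=" . $lang;
}

// Hardened version. First reject anything that is not a plausible dictionary
// name (hypothetical allowlist: "en", "en_US", "deu", ...), then quote the
// argument with escapeshellarg() anyway as defence in depth.
function build_aspell_cmd_safe(string $lang): string
{
    if (!preg_match('/^[a-z]{2,3}(_[A-Z]{2})?$/', $lang)) {
        throw new InvalidArgumentException("invalid dictionary name");
    }
    return "aspell -a --lang=" . escapeshellarg($lang);
}

// Constructed inputs: a legitimate dictionary name and an injection attempt
// carrying a second shell command after a metacharacter.
$benign  = "en_US";
$hostile = "en_US; id > /tmp/injected";

echo build_aspell_cmd_vulnerable($benign), "\n";
echo build_aspell_cmd_vulnerable($hostile), "\n";   // would run "id" if executed via the shell
echo build_aspell_cmd_safe($benign), "\n";
try {
    echo build_aspell_cmd_safe($hostile), "\n";
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Quoting alone closes the injection, but the allowlist is what turns a user-controlled string into one of a small, known set of values, which is the property you actually want before handing it to a subprocess. On PHP 7.4 and later the shell can be bypassed entirely by passing the command to proc_open() as an array of arguments rather than a single string.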
Upgrade to version 0.4.3 or higher, as it has been reported to fix this vulnerability. It is also possible to mitigate the flaw with the following workaround: in older releases, delete the areaedit/plugins/SpellChecker directory, which removes the vulnerable script along with the spell-checking feature.