CVE-2014-3942
TYPO3 4.5.0-4.5.33, 4.7.0-4.7.18, 6.0.0-6.0.13, 6.1.0-6.1.8 - Remote Code Execution via Color Picker Wizard
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
References (4)
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2942
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/06/03/2
Scores
EPSS
0.0044
EPSS Percentile
63.5%
Details
CWE
CWE-94
Status
published
Products (50)
typo3/cms
4.5.0 - 4.5.34 (Packagist)
typo3/typo3
6.1
typo3/typo3
6.1.1
typo3/typo3
6.1.2
typo3/typo3
6.1.3
typo3/typo3
6.1.4
typo3/typo3
6.1.5
typo3/typo3
6.1.6
typo3/typo3
6.1.7
typo3/typo3
6.1.8
... and 40 more
Published
Jun 03, 2014
Tracked Since
Feb 18, 2026