CVE-2014-3942
EPSS 0.44%
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
Published: 5/14/2022
Modified: 4/14/2025
Also known as: GHSA-55g3-fjwm-w2c8
Description
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
Affected packages (1)
- Packagist/typo3/cms: >= 4.5.0, < 4.5.34
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2014-3942
- PATCH: https://github.com/TYPO3/typo3
- WEB: http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
- WEB: https://typo3.org/security/advisory/typo3-core-sa-2014-001
- WEB: http://www.debian.org/security/2014/dsa-2942
- WEB: http://www.openwall.com/lists/oss-security/2014/06/03/2