CVE-2014-3942 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.34 || >=4.7.0 <4.7.19 || >=6.0.0 <6.0.14 || >=6.1.0 <6.1.9

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00442 pctl0.62406

Details

TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.

Metadata

Created: 2022-05-14T04:01:57Z
Modified: 2025-04-14T16:01:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-55g3-fjwm-w2c8/GHSA-55g3-fjwm-w2c8.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-55g3-fjwm-w2c8
Finding: F422
Auto approve: 1