CVE-2014-3942
Published 2014-06-03
Priority: P3 · 37
CVSS 2.0: 6 (medium), AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS: 1.63% (73.3th percentile)
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
Affected
80 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms | >= 4.5.0 < 4.5.34 | 4.5.34 |
| typo3 | cms | >= 4.7.0 < 4.7.19 | 4.7.19 |
| typo3 | cms | >= 6.0.0 < 6.0.14 | 6.0.14 |
| typo3 | cms | >= 6.1.0 < 6.1.9 | 6.1.9 |
| typo3 | typo3 | — | — |
OSV
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
osv·2022-05-14
CVE-2014-3942 [HIGH]
GHSA
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
ghsa·2022-05-14
CVE-2014-3942 [HIGH] CWE-94
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
http://www.debian.org/security/2014/dsa-2942
http://www.openwall.com/lists/oss-security/2014/06/03/2