CVE-2014-3942CVE-2014-3942

Affected configuration(s):

cpe:/a:typo3:typo3:4.5.0
cpe:/a:typo3:typo3:4.5.1
cpe:/a:typo3:typo3:4.5.2
cpe:/a:typo3:typo3:4.5.3
cpe:/a:typo3:typo3:4.5.4
cpe:/a:typo3:typo3:4.5.5
cpe:/a:typo3:typo3:4.5.6
cpe:/a:typo3:typo3:4.5.7
cpe:/a:typo3:typo3:4.5.8
cpe:/a:typo3:typo3:4.5.9
cpe:/a:typo3:typo3:4.5.10
cpe:/a:typo3:typo3:4.5.11
cpe:/a:typo3:typo3:4.5.12
cpe:/a:typo3:typo3:4.5.13
cpe:/a:typo3:typo3:4.5.14
cpe:/a:typo3:typo3:4.5.15
cpe:/a:typo3:typo3:4.5.16
cpe:/a:typo3:typo3:4.5.17
cpe:/a:typo3:typo3:4.5.18
cpe:/a:typo3:typo3:4.5.19
cpe:/a:typo3:typo3:4.5.20
cpe:/a:typo3:typo3:4.5.21
cpe:/a:typo3:typo3:4.5.22
cpe:/a:typo3:typo3:4.5.23
cpe:/a:typo3:typo3:4.5.24
cpe:/a:typo3:typo3:4.5.25
cpe:/a:typo3:typo3:4.5.26
cpe:/a:typo3:typo3:4.5.27
cpe:/a:typo3:typo3:4.5.28
cpe:/a:typo3:typo3:4.5.29
cpe:/a:typo3:typo3:4.5.30
cpe:/a:typo3:typo3:4.5.31
cpe:/a:typo3:typo3:4.5.32
cpe:/a:typo3:typo3:4.5.33
cpe:/a:typo3:typo3:4.7.0
cpe:/a:typo3:typo3:4.7.1
cpe:/a:typo3:typo3:4.7.2
cpe:/a:typo3:typo3:4.7.3
cpe:/a:typo3:typo3:4.7.4
cpe:/a:typo3:typo3:4.7.5
cpe:/a:typo3:typo3:4.7.6
cpe:/a:typo3:typo3:4.7.7
cpe:/a:typo3:typo3:4.7.8
cpe:/a:typo3:typo3:4.7.9
cpe:/a:typo3:typo3:4.7.10
cpe:/a:typo3:typo3:4.7.11
cpe:/a:typo3:typo3:4.7.12
cpe:/a:typo3:typo3:4.7.13
cpe:/a:typo3:typo3:4.7.14
cpe:/a:typo3:typo3:4.7.15
cpe:/a:typo3:typo3:4.7.16
cpe:/a:typo3:typo3:4.7.17
cpe:/a:typo3:typo3:4.7.18
cpe:/a:typo3:typo3:6.0
cpe:/a:typo3:typo3:6.0.1
cpe:/a:typo3:typo3:6.0.2
cpe:/a:typo3:typo3:6.0.3
cpe:/a:typo3:typo3:6.0.4
cpe:/a:typo3:typo3:6.0.5
cpe:/a:typo3:typo3:6.0.6
cpe:/a:typo3:typo3:6.0.7
cpe:/a:typo3:typo3:6.0.8
cpe:/a:typo3:typo3:6.0.9
cpe:/a:typo3:typo3:6.0.10
cpe:/a:typo3:typo3:6.0.11
cpe:/a:typo3:typo3:6.0.12
cpe:/a:typo3:typo3:6.0.13
cpe:/a:typo3:typo3:6.1
cpe:/a:typo3:typo3:6.1.1
cpe:/a:typo3:typo3:6.1.2
cpe:/a:typo3:typo3:6.1.3
cpe:/a:typo3:typo3:6.1.4
cpe:/a:typo3:typo3:6.1.5
cpe:/a:typo3:typo3:6.1.6
cpe:/a:typo3:typo3:6.1.7
cpe:/a:typo3:typo3:6.1.8

Date published: 2014-06-03T10:55:10.990-04:00

Date last modified: 2014-06-04T11:11:41.200-04:00

CVSS Score: 6.0

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

Summary: The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *