CVE-2014-3942
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0044 (0.4%)
Percentile: 63.3%
EPSS: 2026-05-06
Affects
typo3:typo3Technical description
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
Published: 6/3/2014, 2:55:10 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
- http://www.debian.org/security/2014/dsa-2942
- http://www.openwall.com/lists/oss-security/2014/06/03/2
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
- http://www.debian.org/security/2014/dsa-2942
- http://www.openwall.com/lists/oss-security/2014/06/03/2