Description

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.

Remediation

References

CVE-2014-3942

Related Vulnerabilities

WordPress Plugin Tags Cloud Manager Cross-Site Scripting (1.0.0)

Jboss EAP Other Vulnerability (CVE-2019-9513)

WordPress Plugin eShop Multiple Vulnerabilities (6.3.14)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11025)

WordPress Plugin Simple Link Directory Cross-Site Scripting (7.3.4)

Severity

Medium

Classification

CVE-2014-3942 CWE-94

Tags

Missing Update Known Vulnerabilities