Description

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.

Remediation

References

CVE-2014-3942

Related Vulnerabilities

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Unspecified Vulnerability (1.7.56)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.21)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (2.5.7)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3992)

Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971)

Severity

Medium

Classification

CVE-2014-3942 CWE-94

Tags

Missing Update Known Vulnerabilities