CVE-2014-3942

NameCVE-2014-3942
DescriptionThe Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2942-1
NVD severitymedium (attack range: remote)
Debian Bugs749215

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
typo3-srcsource(unstable)4.5.34+dfsg1-1medium749215
typo3-srcsourcesqueeze(unfixed)end-of-life
typo3-srcsourcewheezy4.5.19+dfsg1-5+wheezy3mediumDSA-2942-1

Notes

[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)

Search for package or bug name: Reporting problems