CVE-2014-3942 Information

Description

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.

Reference

http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
http://www.debian.org/security/2014/dsa-2942
http://www.openwall.com/lists/oss-security/2014/06/03/2
