Search for vulnerabilities
| Vulnerability ID | VCID-cv1m-r2d7-h3dx |
| Aliases |
CVE-2014-3942
GHSA-55g3-fjwm-w2c8 |
| Summary | TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | HIGH | http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html |
| epss | 0.00442 | https://api.first.org/data/v1/epss?cve=CVE-2014-3942 |
| epss | 0.00442 | https://api.first.org/data/v1/epss?cve=CVE-2014-3942 |
| generic_textual | HIGH | https://github.com/TYPO3/typo3 |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2014-3942 |
| generic_textual | HIGH | https://typo3.org/security/advisory/typo3-core-sa-2014-001 |
| generic_textual | HIGH | http://www.debian.org/security/2014/dsa-2942 |
| generic_textual | HIGH | http://www.openwall.com/lists/oss-security/2014/06/03/2 |
| Percentile | 0.62327 |
| EPSS Score | 0.00442 |
| Published At | June 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-01T12:29:15.492496+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-55g3-fjwm-w2c8/GHSA-55g3-fjwm-w2c8.json | 36.1.3 |