CRITICAL
GHSA-8x3j-439w-537c
TYPO3 Remote Code Execution in extension "Content Element Selector" (ceselector)
Details
The TYPO3 "Content Element Selector" (ceselector) extension passes an attacker-controlled cookie value directly to PHP's `unserialize()` without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation requires the content element to be configured with `Persistent Mode: Static` in the plugin settings. This has been patched in versions 3.0.3, 4.0.2, 5.0.1, and 6.0.1.
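The pattern the advisory describes, shown as an added example rather than code taken from the ceselector extension: a cookie value handed straight to `unserialize()`, next to two hardened alternatives (restricting `unserialize()` so it cannot instantiate objects, and replacing it with HMAC-signed JSON so a tampered cookie is rejected before it is parsed). The cookie name `ce_selection`, the data shape and the placeholder secret are assumptions for illustration; on a real site the secret would come from site configuration. Requires PHP 8.

```php
<?php
// Added example, not the extension's code. Cookie name, data shape and
// the secret below are assumptions chosen for illustration only.

declare(strict_types=1);

// --- Vulnerable pattern: attacker-controlled bytes reach unserialize() ---
// Any autoloadable class with __wakeup()/__destruct() side effects becomes
// reachable from the cookie; this is the PHP Object Injection the advisory
// describes. Kept here only as the "before" form.
function restoreSelectionVulnerable(array $cookies): mixed
{
    $raw = $cookies['ce_selection'] ?? '';
    return unserialize($raw); // no integrity check, no class restriction
}

// --- Mitigation 1: forbid object instantiation during unserialize() ---
// With allowed_classes => false, any serialized object becomes a
// __PHP_Incomplete_Class and no magic methods of user classes run.
function restoreSelectionNoObjects(array $cookies): mixed
{
    $raw = $cookies['ce_selection'] ?? '';
    return unserialize($raw, ['allowed_classes' => false]);
}

// --- Mitigation 2 (preferred): signed JSON, so the cookie is never trusted ---
// Placeholder secret; a real deployment reads it from site configuration.
const EXAMPLE_SECRET = 'replace-with-site-secret';

function encodeSelection(array $selection, string $secret = EXAMPLE_SECRET): string
{
    $json = json_encode($selection, JSON_THROW_ON_ERROR);
    $mac  = hash_hmac('sha256', $json, $secret);
    return base64_encode($json) . '.' . $mac;
}

function decodeSelection(string $cookie, string $secret = EXAMPLE_SECRET): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$b64, $mac] = $parts;
    $json = base64_decode($b64, true);
    // Constant-time comparison; any tampering or malformed input is ignored.
    if ($json === false || !hash_equals(hash_hmac('sha256', $json, $secret), $mac)) {
        return null;
    }
    // assoc=true yields only scalars and arrays: no object is ever built
    // from cookie-controlled data, so there is no injection surface.
    $data = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : null;
}

// Constructed demo input: a legitimate cookie and a tampered copy of it.
$good = encodeSelection(['uid' => 42, 'mode' => 'static']);
var_dump(decodeSelection($good));          // the original array
var_dump(decodeSelection($good . 'x'));    // null: MAC mismatch

// A harmless serialized object (stdClass) is enough to show the difference:
// the vulnerable function instantiates it, the hardened one does not.
$serialized = 'O:8:"stdClass":1:{s:1:"a";i:1;}';
var_dump(get_class(restoreSelectionVulnerable(['ce_selection' => $serialized])));
var_dump(get_class(restoreSelectionNoObjects(['ce_selection' => $serialized])));
```

`allowed_classes => false` is the smallest change that removes the object-instantiation primitive from an existing `unserialize()` call, but it still lets an attacker shape arbitrary arrays and scalars; the signed-JSON form is the one to migrate to, because it both bounds the data types and rejects anything the server did not issue.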
Affected packages (Packagist / mmc/ceselector)
Introduced in: 6.0.0 | Fixed in: 6.0.1 | Fix: composer require mmc/ceselector:^6.0.1
Introduced in: 5.0.0 | Fixed in: 5.0.1 | Fix: composer require mmc/ceselector:^5.0.1
Introduced in: 4.0.0 | Fixed in: 4.0.2 | Fix: composer require mmc/ceselector:^4.0.2
Introduced in: 0 | Fixed in: 3.0.3 | Fix: composer require mmc/ceselector:^3.0.3
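A small check, added here and not part of the advisory, that reads the installed `mmc/ceselector` version out of a `composer.lock` and maps it onto the affected ranges listed above, printing the patched release to require. The version ranges are the advisory's; the lock-file fragment is constructed for the demo. Requires PHP 8.

```php
<?php
// Added example, not part of the advisory. Ranges are copied from the
// advisory; the composer.lock content below is constructed for the demo.

declare(strict_types=1);

/** Affected ranges: [introduced, fixed) per release branch. */
const CESELECTOR_RANGES = [
    ['introduced' => '6.0.0', 'fixed' => '6.0.1'],
    ['introduced' => '5.0.0', 'fixed' => '5.0.1'],
    ['introduced' => '4.0.0', 'fixed' => '4.0.2'],
    ['introduced' => '0',     'fixed' => '3.0.3'],
];

/**
 * Returns the patched version the installation must move to, or null when
 * the installed version lies outside every affected range.
 */
function ceselectorFixTarget(string $installed): ?string
{
    $v = ltrim($installed, 'v'); // composer.lock records tags such as "v5.0.0"
    foreach (CESELECTOR_RANGES as $range) {
        if (version_compare($v, $range['introduced'], '>=')
            && version_compare($v, $range['fixed'], '<')) {
            return $range['fixed'];
        }
    }
    return null;
}

/** Reads one package's installed version from composer.lock JSON. */
function installedVersionFromLock(string $lockJson, string $package): ?string
{
    $lock = json_decode($lockJson, true, 16, JSON_THROW_ON_ERROR);
    $all  = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    foreach ($all as $pkg) {
        if (($pkg['name'] ?? '') === $package) {
            return $pkg['version'] ?? null;
        }
    }
    return null;
}

// Constructed composer.lock fragment (not from any real project).
$lock = <<<'JSON'
{"packages":[{"name":"typo3/cms-core","version":"v12.4.10"},
             {"name":"mmc/ceselector","version":"v5.0.0"}],
 "packages-dev":[]}
JSON;

$installed = installedVersionFromLock($lock, 'mmc/ceselector');
$target    = $installed === null ? null : ceselectorFixTarget($installed);

if ($target !== null) {
    echo "mmc/ceselector {$installed} is affected; run: composer require mmc/ceselector:^{$target}\n";
} else {
    echo 'mmc/ceselector ' . ($installed ?? 'not installed') . " is not in an affected range\n";
}
```

Point the script at a real `composer.lock` with `file_get_contents()` to run it against an actual installation; the branch-wise ranges matter because a 3.x site must move to 3.0.3, not to 6.0.1, if it is to stay on its current major version.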