CVE-2026-46725 Scanner
CVE-2026-46725 Scanner - Deserialization of Untrusted Data vulnerability in TYPO3 ceselector Extension
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
8 days 9 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox
TYPO3 is a free and open-source web content management system written in PHP. It's widely used by enterprises, government agencies, and universities to create and manage web environments. The TYPO3 ceselector extension enhances the content selection capabilities in TYPO3's back end. The system allows users, often with admin access, to select content for web display dynamically. Many organizations rely on this feature for flexibility in managing web content. However, the wide usage also makes it a critical point for ensuring security within an organization's digital infrastructure.
The vulnerability in question is caused by insecure deserialization within the TYPO3 ceselector extension. Deserialization vulnerabilities can allow data modification that is executed on the server side, leading to unauthorized behavior. This type of vulnerability arises when untrusted sources are deserialized into objects without proper validation. In this case, attackers can send malicious serialized data, which is then deserialized, allowing remote commands to be executed on the server. Exploitation of this vulnerability can lead to severe security threats including remote code execution.
In this scenario, the vulnerability exists inside the TYPO3 ceselector extension due to the unserialize() function processing attacker-controlled data. The absence of input validation or sanitization within the unserialize function call leads to this severe security risk. Attackers can provide crafted serialized data through cookies that reach the critical unserialize function. Execution is possible given a carefully crafted payload sent to the vulnerable endpoint. Attackers typically leverage this vector to gain unauthorized access and execute arbitrary code remotely.
Exploitation of this vulnerability can lead to full system compromise by allowing remote unauthenticated attackers to execute arbitrary code on the server. This could subsequently provide attackers with the ability to manipulate or steal sensitive data, disrupt operations, or utilize the compromised system as a launchpad for further attacks. Such exploitation could facilitate data breaches, defacements, or service outages, potentially damaging reputation and involving financial and legal consequences.
REFERENCES
