TYPO3 Remote Code Execution in extension "Content Element Selector" (ceselector)
The TYPO3 "Content Element Selector" (ceselector) extension passes an attacker-controlled cookie directly to PHP's unserialize() without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation requires the content element to be configured with Persistent Mode: Static in the plugin settings. This has been patched in versions 3.0.3, 4.0.2, 5.0.1, and …
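
The unsafe pattern described above, next to one hardened way of persisting client-side state, as an added example (not the extension's code and not its actual patch). The cookie name, key handling and function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: the cookie name, the key source and these
// helpers are assumptions for illustration, not taken from ceselector.
const COOKIE_NAME = 'example_selector_state';

// Risky pattern described in the advisory: the cookie is client-controlled,
// so unserialize() may instantiate any loadable class and run its magic methods.
function readStateUnsafe(array $cookies): mixed
{
    return unserialize($cookies[COOKIE_NAME] ?? '');
}

// Hardened write: JSON carries data only, and an HMAC binds it to a server key.
function encodeState(array $state, string $key): string
{
    $json = json_encode($state, JSON_THROW_ON_ERROR);
    return base64_encode($json) . '.' . hash_hmac('sha256', $json, $key);
}

// Hardened read: verify the MAC in constant time before parsing; no unserialize().
function decodeState(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $json = base64_decode($parts[0], true);
    if ($json === false || !hash_equals(hash_hmac('sha256', $json, $key), $parts[1])) {
        return null;
    }
    try {
        $state = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    return is_array($state) ? $state : null;
}

// Constructed sample values: one cookie issued by the server, one with a forged MAC.
$key = random_bytes(32);
$issued = encodeState(['selected' => 12], $key);
$forged = base64_encode('{"selected":99}') . '.' . str_repeat('0', 64);
var_dump(decodeState($issued, $key)); // array with 'selected' => 12
var_dump(decodeState($forged, $key)); // NULL: MAC check fails, payload never parsed
```

Where the serialized format has to be kept for compatibility, PHP's unserialize() accepts an options array with allowed_classes set to false, which prevents it from instantiating application classes.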