High severityNVD Advisory· Published Oct 3, 2014· Updated Jun 17, 2026
CVE-2014-6289
CVE-2014-6289
Description
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dl/yagPackagist | < 3.0.1 | 3.0.1 |
punktde/pt_extbasePackagist | < 1.5.1 | 1.5.1 |
Affected products
4- cpe:2.3:a:daniel_lienert:yet_another_gallery:*:*:*:*:*:typo3:*:*Range: <=3.0.0
- cpe:2.3:a:michael_knoll:tools_for_extbase_developmen:*:*:*:*:*:typo3:*:*Range: <=1.5.0
- ghsa-coords2 versions
< 3.0.1+ 1 more
- (no CPE)range: < 3.0.1
- (no CPE)range: < 1.5.1
Patches
Vulnerability mechanics
References
8- typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/nvdVendor Advisory
- github.com/advisories/GHSA-46fq-683f-2jwqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-6289ghsaADVISORY
- typo3.org/extensions/repository/view/pt_extbasenvdWEB
- typo3.org/extensions/repository/view/yagnvdWEB
- github.com/YAG-Gallery/yag/commit/4ab6ca121044d31b3822ab0c922053a9de8ee4efghsaWEB
- github.com/punktDe/pt_extbase/commit/9969635830fcf5c3222de0fd9dc0d9a05f8d6cb1ghsaWEB
- typo3.org/security/advisory/typo3-ext-sa-2014-005ghsaWEB
News mentions
0No linked articles in our index yet.