Vulnerabilities > Redaxo

DATE CVE VULNERABILITY TITLE RISK
2024-02-17 CVE-2024-25298 Code Injection vulnerability in Redaxo 5.15.1
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.
network
low complexity
redaxo CWE-94
7.2
2024-02-14 CVE-2024-25300 Cross-site Scripting vulnerability in Redaxo 5.15.1
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.
network
low complexity
redaxo CWE-79
4.8
2024-02-14 CVE-2024-25301 Code Injection vulnerability in Redaxo 5.15.1
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
network
low complexity
redaxo CWE-94
7.2
2021-09-09 CVE-2021-39458 Information Exposure Through an Error Message vulnerability in Redaxo 5.12.1
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup.
network
low complexity
redaxo CWE-209
4.0
2021-09-09 CVE-2021-39459 OS Command Injection vulnerability in Redaxo 5.12.1
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
network
low complexity
redaxo CWE-78
critical
9.0
2018-10-09 CVE-2018-18200 SQL Injection vulnerability in Redaxo
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
network
low complexity
redaxo CWE-89
7.5
2018-10-09 CVE-2018-18199 Cross-site Scripting vulnerability in Redaxo
Mediamanager in REDAXO before 5.6.4 has XSS.
network
redaxo CWE-79
4.3
2018-10-09 CVE-2018-18198 Cross-site Scripting vulnerability in Redaxo 5.6.3
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page.
network
redaxo CWE-79
4.3
2018-10-01 CVE-2018-17831 SQL Injection vulnerability in Redaxo
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter.
network
low complexity
redaxo CWE-89
7.5
2018-10-01 CVE-2018-17830 Cross-site Scripting vulnerability in Redaxo 5.6.2
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted).
network
redaxo CWE-79
3.5