Vulnerabilities > Redaxo

DATE CVE VULNERABILITY TITLE RISK
2024-02-17 CVE-2024-25298 Code Injection vulnerability in Redaxo 5.15.1
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.
network
low complexity
redaxo CWE-94
7.2
7.2
2021-09-09 CVE-2021-39458 Information Exposure Through an Error Message vulnerability in Redaxo 5.12.1
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup.
network
low complexity
redaxo CWE-209
4.0
4.0
2021-09-09 CVE-2021-39459 OS Command Injection vulnerability in Redaxo 5.12.1
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
network
low complexity
redaxo CWE-78
critical
 9.0
9.0
2018-10-09 CVE-2018-18200 SQL Injection vulnerability in Redaxo
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
network
low complexity
redaxo CWE-89
7.5
7.5
2018-10-09 CVE-2018-18199 Cross-site Scripting vulnerability in Redaxo
Mediamanager in REDAXO before 5.6.4 has XSS.
network
redaxo CWE-79
4.3
4.3
2018-10-09 CVE-2018-18198 Cross-site Scripting vulnerability in Redaxo 5.6.3
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page.
network
redaxo CWE-79
4.3
4.3
2018-10-01 CVE-2018-17831 SQL Injection vulnerability in Redaxo
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter.
network
low complexity
redaxo CWE-89
7.5
7.5
2018-10-01 CVE-2018-17830 Cross-site Scripting vulnerability in Redaxo 5.6.2
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted).
network
redaxo CWE-79
3.5
3.5
2018-08-25 CVE-2018-15850 Cross-Site Request Forgery (CSRF) vulnerability in Redaxo CMS 4.7.2
An issue was discovered in REDAXO CMS 4.7.2.
network
redaxo CWE-352
6.8
6.8
2012-08-13 CVE-2012-3869 Cross-Site Scripting vulnerability in Redaxo
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.
network
redaxo CWE-79
4.3
4.3