Vulnerabilities > Redaxo > Redaxo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-17 | CVE-2024-25298 | Code Injection vulnerability in Redaxo 5.15.1 An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | 7.2 |
| 2024-02-14 | CVE-2024-25300 | Cross-site Scripting vulnerability in Redaxo 5.15.1 A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | 4.8 |
| 2024-02-14 | CVE-2024-25301 | Code Injection vulnerability in Redaxo 5.15.1 Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | 7.2 |
| 2021-09-09 | CVE-2021-39458 | Information Exposure Through an Error Message vulnerability in Redaxo 5.12.1 Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. | 4.0 |
| 2021-09-09 | CVE-2021-39459 | OS Command Injection vulnerability in Redaxo 5.12.1 Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. | 9.0 |
| 2018-10-09 | CVE-2018-18200 | SQL Injection vulnerability in Redaxo There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. | 7.5 |
| 2018-10-09 | CVE-2018-18199 | Cross-site Scripting vulnerability in Redaxo Mediamanager in REDAXO before 5.6.4 has XSS. | 4.3 |
| 2018-10-09 | CVE-2018-18198 | Cross-site Scripting vulnerability in Redaxo 5.6.3 The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. | 4.3 |
| 2018-10-01 | CVE-2018-17831 | SQL Injection vulnerability in Redaxo In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. | 7.5 |
| 2018-10-01 | CVE-2018-17830 | Cross-site Scripting vulnerability in Redaxo 5.6.2 The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). | 3.5 |