Vulnerabilities > Redaxo > Redaxo > 2.7.4

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-18200 SQL Injection vulnerability in Redaxo
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
network
low complexity
redaxo CWE-89
7.5
7.5
2018-10-09 CVE-2018-18199 Cross-site Scripting vulnerability in Redaxo
Mediamanager in REDAXO before 5.6.4 has XSS.
network
redaxo CWE-79
4.3
4.3
2018-10-01 CVE-2018-17831 SQL Injection vulnerability in Redaxo
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter.
network
low complexity
redaxo CWE-89
7.5
7.5
2006-06-06 CVE-2006-2843 Remote File Inclusion vulnerability in Redaxo 2.7.4
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.
network
low complexity
redaxo
7.5
7.5