Vulnerabilities > Redaxo > Redaxo > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-09 | CVE-2018-18200 | SQL Injection vulnerability in Redaxo There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. | 7.5 |
| 2018-10-09 | CVE-2018-18199 | Cross-site Scripting vulnerability in Redaxo Mediamanager in REDAXO before 5.6.4 has XSS. | 4.3 |
| 2018-10-01 | CVE-2018-17831 | SQL Injection vulnerability in Redaxo In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. | 7.5 |
| 2006-06-06 | CVE-2006-2845 | Remote Security vulnerability in Redaxo 3.0/3.2 PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. | 7.5 |
| 2006-06-06 | CVE-2006-2844 | Remote Security vulnerability in Redaxo 3.0 Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. | 7.5 |