High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-17	CVE-2024-25298	Code Injection vulnerability in Redaxo 5.15.1 An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. network low complexity redaxo CWE-94	7.2
2024-02-14	CVE-2024-25301	Code Injection vulnerability in Redaxo 5.15.1 Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. network low complexity redaxo CWE-94	7.2
2018-10-09	CVE-2018-18200	SQL Injection vulnerability in Redaxo There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. network low complexity redaxo CWE-89	7.5
2018-10-01	CVE-2018-17831	SQL Injection vulnerability in Redaxo In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. network low complexity redaxo CWE-89	7.5
2006-06-06	CVE-2006-2845	Remote Security vulnerability in Redaxo 3.0/3.2 PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. network low complexity redaxo	7.5
2006-06-06	CVE-2006-2844	Remote Security vulnerability in Redaxo 3.0 Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. network low complexity redaxo	7.5
2006-06-06	CVE-2006-2843	Remote File Inclusion vulnerability in Redaxo 2.7.4 PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php. network low complexity redaxo	7.5