Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redaxo vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-3869
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote malicious users to inject arbitrary web script or HTML via the subpage parameter to index.php.
Redaxo Redaxo 4.3
Redaxo Redaxo 4.3.2
Redaxo Redaxo 4.4
Redaxo Redaxo 4.3.1
Redaxo Redaxo 4.3.3
7.5
CVSSv2
CVE-2006-2845
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote malicious users to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.
Redaxo Redaxo 3.2
Redaxo Redaxo 3.0
1 EDB exploit
4.3
CVSSv2
CVE-2018-18199
Mediamanager in REDAXO prior to 5.6.4 has XSS.
Redaxo Redaxo
7.5
CVSSv2
CVE-2018-17831
In REDAXO prior to 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list we...
Redaxo Redaxo
7.5
CVSSv2
CVE-2018-18200
There is a SQL injection in Benutzerverwaltung in REDAXO prior to 5.6.4.
Redaxo Redaxo
3.5
CVSSv2
CVE-2018-17830
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substrin...
Redaxo Redaxo 5.6.2
7.5
CVSSv2
CVE-2006-2843
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote malicious users to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.
Redaxo Redaxo 2.7.4
1 EDB exploit
7.5
CVSSv2
CVE-2006-2844
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote malicious users to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.
Redaxo Redaxo 3.0
1 EDB exploit
9
CVSSv2
CVE-2021-39459
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
Redaxo Redaxo 5.12.1
1 Github repository
4
CVSSv2
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.
Redaxo Redaxo 5.12.1
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »