Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redaxo redaxo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-3869
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote malicious users to inject arbitrary web script or HTML via the subpage parameter to index.php.
Redaxo Redaxo 4.3
Redaxo Redaxo 4.3.2
Redaxo Redaxo 4.4
Redaxo Redaxo 4.3.1
Redaxo Redaxo 4.3.3
NA
CVE-2006-2845
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote malicious users to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.
Redaxo Redaxo 3.2
Redaxo Redaxo 3.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-17831
In REDAXO prior to 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list we...
Redaxo Redaxo
6.1
CVSSv3
CVE-2018-18199
Mediamanager in REDAXO prior to 5.6.4 has XSS.
Redaxo Redaxo
9.8
CVSSv3
CVE-2018-18200
There is a SQL injection in Benutzerverwaltung in REDAXO prior to 5.6.4.
Redaxo Redaxo
5.4
CVSSv3
CVE-2018-17830
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substrin...
Redaxo Redaxo 5.6.2
NA
CVE-2006-2844
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote malicious users to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.
Redaxo Redaxo 3.0
1 EDB exploit
6.1
CVSSv3
CVE-2018-18198
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.
Redaxo Redaxo 5.6.3
NA
CVE-2006-2843
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote malicious users to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.
Redaxo Redaxo 2.7.4
1 EDB exploit
6.5
CVSSv3
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.
Redaxo Redaxo 5.12.1
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »