Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redaxo redaxo vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-18198
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.
Redaxo Redaxo 5.6.3
755
VMScore
CVE-2006-2843
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote malicious users to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.
Redaxo Redaxo 2.7.4
1 EDB exploit
755
VMScore
CVE-2006-2844
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote malicious users to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.
Redaxo Redaxo 3.0
1 EDB exploit
356
VMScore
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.
Redaxo Redaxo 5.12.1
1 Github repository
605
VMScore
CVE-2018-15850
An issue exists in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.
Redaxo Redaxo Cms 4.7.2
NA
CVE-2012-38691
Redaxo version 4.4 suffers from a cross site scripting vulnerability.
605
VMScore
CVE-2016-10757
In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.
Readaxo Readaxo 5.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2