redaxo vulnerabilities and exploits
6.5
CVSSv3
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user, who has to alter the files of a valid file backup, to leak the database credentials in the environment variables.
Redaxo Redaxo 5.12.1
1 Github repository
7.2
CVSSv3
CVE-2021-39459
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
Redaxo Redaxo 5.12.1
1 Github repository
NA
CVE-2006-2844
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote malicious users to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.
Redaxo Redaxo 3.0
1 EDB exploit
6.1
CVSSv3
CVE-2018-18198
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.
Redaxo Redaxo 5.6.3
8.8
CVSSv3
CVE-2018-15850
An issue exists in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.
Redaxo Redaxo Cms 4.7.2
NA
CVE-2012-38691
Redaxo version 4.4 suffers from a cross site scripting vulnerability.
8.8
CVSSv3
CVE-2016-10757
In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.
Readaxo Readaxo 5.2.0