Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redaxo vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2012-3869
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote malicious users to inject arbitrary web script or HTML via the subpage parameter to index.php.
Redaxo Redaxo 4.3
Redaxo Redaxo 4.3.2
Redaxo Redaxo 4.4
Redaxo Redaxo 4.3.1
Redaxo Redaxo 4.3.3
755
VMScore
CVE-2006-2845
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote malicious users to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.
Redaxo Redaxo 3.2
Redaxo Redaxo 3.0
1 EDB exploit
668
VMScore
CVE-2018-17831
In REDAXO prior to 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list we...
Redaxo Redaxo
383
VMScore
CVE-2018-18199
Mediamanager in REDAXO prior to 5.6.4 has XSS.
Redaxo Redaxo
668
VMScore
CVE-2018-18200
There is a SQL injection in Benutzerverwaltung in REDAXO prior to 5.6.4.
Redaxo Redaxo
356
VMScore
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.
Redaxo Redaxo 5.12.1
1 Github repository
801
VMScore
CVE-2021-39459
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
Redaxo Redaxo 5.12.1
1 Github repository
NA
CVE-2024-25298
An issue exists in REDAXO version 5.15.1, allows malicious users to execute arbitrary code and obtain sensitive information via modules.modules.php.
Redaxo Redaxo 5.15.1
NA
CVE-2024-25300
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.
Redaxo Redaxo 5.15.1
NA
CVE-2024-25301
Redaxo v5.15.1 exists to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
Redaxo Redaxo 5.15.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »