Vulmon
redaxo vulnerabilities and exploits
383
VMScore
CVE-2012-3869
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote malicious users to inject arbitrary web script or HTML via the subpage parameter to index.php.
Redaxo Redaxo 4.3
Redaxo Redaxo 4.3.2
Redaxo Redaxo 4.4
Redaxo Redaxo 4.3.1
Redaxo Redaxo 4.3.3
755
VMScore
CVE-2006-2845
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote malicious users to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.
Redaxo Redaxo 3.2
Redaxo Redaxo 3.0
1 EDB exploit
668
VMScore
CVE-2018-17831
In REDAXO prior to 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list we...
Redaxo Redaxo
668
VMScore
CVE-2018-18200
There is a SQL injection in Benutzerverwaltung in REDAXO prior to 5.6.4.
Redaxo Redaxo
383
VMScore
CVE-2018-18199
Mediamanager in REDAXO prior to 5.6.4 has XSS.
Redaxo Redaxo
755
VMScore
CVE-2006-2844
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote malicious users to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.
Redaxo Redaxo 3.0
1 EDB exploit
312
VMScore
CVE-2018-17830
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substrin...
Redaxo Redaxo 5.6.2
356
VMScore
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to alter the files of a valid file backup. This leads to leaking the database credentials in the environment variables.
Redaxo Redaxo 5.12.1
1 Github repository
NA
CVE-2024-25298
An issue in REDAXO version 5.15.1 allows malicious users to execute arbitrary code and obtain sensitive information via modules.modules.php.
Redaxo Redaxo 5.15.1
NA
CVE-2024-25300
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.
Redaxo Redaxo 5.15.1