Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redaxo redaxo vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2024-25298
An issue exists in REDAXO version 5.15.1, allows malicious users to execute arbitrary code and obtain sensitive information via modules.modules.php.
Redaxo Redaxo 5.15.1
4.8
CVSSv3
CVE-2024-25300
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.
Redaxo Redaxo 5.15.1
7.2
CVSSv3
CVE-2024-25301
Redaxo v5.15.1 exists to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
Redaxo Redaxo 5.15.1
6.5
CVSSv3
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.
Redaxo Redaxo 5.12.1
1 Github repository
7.2
CVSSv3
CVE-2021-39459
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
Redaxo Redaxo 5.12.1
1 Github repository
8.8
CVSSv3
CVE-2016-10757
In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.
Readaxo Readaxo 5.2.0
9.8
CVSSv3
CVE-2018-18200
There is a SQL injection in Benutzerverwaltung in REDAXO prior to 5.6.4.
Redaxo Redaxo
6.1
CVSSv3
CVE-2018-18198
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.
Redaxo Redaxo 5.6.3
6.1
CVSSv3
CVE-2018-18199
Mediamanager in REDAXO prior to 5.6.4 has XSS.
Redaxo Redaxo
9.8
CVSSv3
CVE-2018-17831
In REDAXO prior to 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list we...
Redaxo Redaxo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »