Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redaxo Subscribe
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39458 1 Redaxo 1 Redaxo 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.
CVE-2021-39459 1 Redaxo 1 Redaxo 2022-03-31 9.0 HIGH 7.2 HIGH
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
CVE-2018-17831 1 Redaxo 1 Redaxo 2018-11-21 7.5 HIGH 9.8 CRITICAL
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used.
CVE-2018-18198 1 Redaxo 1 Redaxo 2018-11-21 4.3 MEDIUM 6.1 MEDIUM
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.
CVE-2018-18200 1 Redaxo 1 Redaxo 2018-11-21 7.5 HIGH 9.8 CRITICAL
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
CVE-2018-18199 1 Redaxo 1 Redaxo 2018-11-21 4.3 MEDIUM 6.1 MEDIUM
Mediamanager in REDAXO before 5.6.4 has XSS.
CVE-2018-17830 1 Redaxo 1 Redaxo 2018-11-15 3.5 LOW 5.4 MEDIUM
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.
CVE-2006-2844 1 Redaxo 1 Redaxo 2018-10-18 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.
CVE-2006-2843 1 Redaxo 1 Redaxo 2018-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.
CVE-2006-2845 1 Redaxo 1 Redaxo 2018-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.
CVE-2018-15850 1 Redaxo 1 Redaxo Cms 2018-10-17 6.8 MEDIUM 8.8 HIGH
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.
CVE-2012-3869 1 Redaxo 1 Redaxo 2012-08-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.