Skip to main content

Redaxo CVE-2021-39458

MEDIUM
Error Message Information Leak (CWE-209)
2021-09-09 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 09, 2021 - 12:15 nvd
MEDIUM 6.5

DescriptionNVD

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.

AnalysisAI

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-209. Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables. Affected products include: Redaxo. Version information: version 5.12.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Redaxo

View all
CVE-2018-17831 CRITICAL POC
9.8 Oct 01

In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the

CVE-2025-64050 HIGH POC
7.2 Nov 25

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote auth

CVE-2024-46213 HIGH POC
7.2 Oct 16

REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. Rated high severity (CVSS 7.2)

CVE-2024-25298 HIGH POC
7.2 Feb 17

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive inform

CVE-2024-25301 HIGH POC
7.2 Feb 14

Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.

CVE-2021-39459 HIGH POC
7.2 Sep 09

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS u

CVE-2026-21857 MEDIUM POC
6.5 Jan 07

Arbitrary file disclosure in REDAXO's Backup addon allows authenticated users with backup permissions to read any file w

CVE-2025-27412 MEDIUM POC
6.1 Mar 05

REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati

CVE-2025-66026 MEDIUM POC
6.1 Nov 26

REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati

CVE-2018-18198 MEDIUM POC
6.1 Oct 09

The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is

CVE-2018-18200 CRITICAL
9.8 Oct 09

There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2025-27411 MEDIUM POC
5.4 Mar 05

REDAXO is a PHP-based CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack comp

Share

CVE-2021-39458 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy