Redaxo
CVE-2021-39458
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.
AnalysisAI
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-209. Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables. Affected products include: Redaxo. Version information: version 5.12.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote auth
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. Rated high severity (CVSS 7.2)
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive inform
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS u
Arbitrary file disclosure in REDAXO's Backup addon allows authenticated users with backup permissions to read any file w
REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati
REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. Rated critical severity (CVSS 9.8), this vulnerab
REDAXO is a PHP-based CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack comp
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today