Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.
AnalysisAI
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. Affected products include: Redaxo.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote auth
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive inform
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS u
Arbitrary file disclosure in REDAXO's Backup addon allows authenticated users with backup permissions to read any file w
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS u
REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati
REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. Rated critical severity (CVSS 9.8), this vulnerab
REDAXO is a PHP-based CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack comp
Share
External POC / Exploit Code
Leaving vuln.today