127 matches found
CVE-2018-25353 Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...
Yakamara Media Redaxo CMS Mediapool Addon 安全漏洞
Yakamara Media Redaxo CMS Mediapool Addon is an extension for media resource management within the REDAXO content management system developed by Yakamara Media. Versions of Yakamara Media Redaxo CMS Mediapool Addon prior to version 5.5.1 contained security vulnerabilities. These vulnerabilities...
CVE-2018-25319 Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php
Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myeventsid parameter. Attackers can send GET requests to the eventadd.php page with malicious myeventsid values to extract o...
CVE-2018-25319
Vulnerability summary: Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection in the event_add.php flow via the myevents_id parameter. The issue can be exploited by authenticated users sending crafted GET requests to the event_add.php endpoint to influence database queries and potentially extr...
PT-2026-41545
Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents id parameter. Attackers can send GET requests to the event add.php page with malicious myevents id values to extrac...
EUVD-2016-10861
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...
CVE-2016-20053
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...
CVE-2016-20053
CVE-2016-20053 affects Redaxo CMS 5.2. It is a cross-site request forgery vulnerability that lets unauthenticated attackers create administrative user accounts by tricking authenticated admins into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden f...
CVE-2016-20053 Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...
CVE-2016-20053
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...
PT-2026-30351
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...
CVE-2025-64050
A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...
CVE-2025-66026
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
CVE-2025-66026
CVE-2025-66026 is a reflected XSS in REDAXO CMS (pre-5.20.1) affecting the Mediapool view where args[types] is echoed into an info banner without escaping. The root cause is lack of HTML-escaping when rendering the value, allowing an authenticated user to trigger arbitrary JavaScript execution in...
EUVD-2025-199662
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
CVE-2025-66026 REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
CVE-2025-66026 REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
GHSA-X6VR-Q3VF-VQGQ REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
Summary A reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when an authenticated user visits a crafted link...
GHSA-XJ9J-GJXG-7JVQ REDAXO CMS is vulnerable to RCE attack through its template management component
A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...
GHSA-VQC7-7FJ4-3FM3 REDAXO CMS is vulnerable to XSS through its module management component
A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...