8 matches found
CVE-2018-25353
Affected software: Redaxo CMS Mediapool Addon 5.5.1 and older. Vulnerability: Arbitrary file upload via bypassing the extension blacklist, enabled by obfuscated extensions (e.g., php71, php53). Impact: Authenticated editor users can upload executable files, potentially achieving code execution (h...
CVE-2018-25319 Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php
Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myeventsid parameter. Attackers can send GET requests to the eventadd.php page with malicious myeventsid values to extract o...
CVE-2025-64049
A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...
CVE-2025-64049
A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...
PT-2025-48037
Name of the Vulnerable Software and Affected Versions REDAXO CMS version 5.20.0 Description A stored cross-site scripting XSS issue exists in the module management component of REDAXO CMS. A remote user can inject arbitrary web script or HTML through the Output code field within modules. This...
CVE-2025-64050
A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...
Exploit for CVE-2025-64049
CVE-Disclosures Welcome to the CVE disclosures section of thi...
Yakamara Media Redaxo CMS 安全漏洞
Yakamara Media Redaxo CMS is Yakamara Media organization of a set of open source Web portal content management system . The system supports custom modules, plugin extensions, project backups and more. A security vulnerability exists in Yakamara Media Redaxo CMS version 5.12.1, which originates fr...