Lucene search
K

8 matches found

CVE
CVE
added 2026/05/23 6:30 p.m.26 views

CVE-2018-25353

Affected software: Redaxo CMS Mediapool Addon 5.5.1 and older. Vulnerability: Arbitrary file upload via bypassing the extension blacklist, enabled by obfuscated extensions (e.g., php71, php53). Impact: Authenticated editor users can upload executable files, potentially achieving code execution (h...

8.8CVSS6AI score0.00452EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.39 views

CVE-2018-25319 Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myeventsid parameter. Attackers can send GET requests to the eventadd.php page with malicious myeventsid values to extract o...

7.1CVSS0.00268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/27 4:59 p.m.6 views

CVE-2025-64049

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

4.8CVSS5.5AI score0.00264EPSS
Exploits2References1
OSV
OSV
added 2025/11/25 4:16 p.m.5 views

CVE-2025-64049

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

4.8CVSS5.6AI score0.00264EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48037

Name of the Vulnerable Software and Affected Versions REDAXO CMS version 5.20.0 Description A stored cross-site scripting XSS issue exists in the module management component of REDAXO CMS. A remote user can inject arbitrary web script or HTML through the Output code field within modules. This...

4.8CVSS5.6AI score0.00264EPSS
Exploits2References11
Cvelist
Cvelist
added 2025/11/25 12:0 a.m.12 views

CVE-2025-64050

A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...

0.00794EPSS
Exploits2References3
GithubExploit
GithubExploit
added 2025/11/20 4:57 p.m.171 views

Exploit for CVE-2025-64049

CVE-Disclosures Welcome to the CVE disclosures section of thi...

7.2CVSS6.3AI score0.00794EPSS
Exploits3
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.4 views

Yakamara Media Redaxo CMS 安全漏洞

Yakamara Media Redaxo CMS is Yakamara Media organization of a set of open source Web portal content management system . The system supports custom modules, plugin extensions, project backups and more. A security vulnerability exists in Yakamara Media Redaxo CMS version 5.12.1, which originates fr...

6.5CVSS6.6AI score0.01191EPSS
Exploits2References3
Rows per page
Query Builder