Lucene search
K

6 matches found

NVD
NVD
added 2026/05/23 7:16 p.m.13 views

CVE-2018-25353

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

8.8CVSS0.00452EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.10 views

CVE-2018-25353

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

8.8CVSS6AI score0.00452EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.10 views

CVE-2018-25353 Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

8.8CVSS6AI score0.00452EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/23 6:30 p.m.11 views

EUVD-2018-21876

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

8.8CVSS6AI score0.00452EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/27 4:59 p.m.4 views

CVE-2025-66026

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...

6.1CVSS5.6AI score0.00228EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2024/11/15 5:5 p.m.91 views

Exploit for Cross-site Scripting in Redaxo

CVE-2024-50803 Stored XSS in mediapool feature of Redaxo A st...

5.4CVSS5.5AI score0.00633EPSS
Exploits1
Rows per page
Query Builder