9 matches found

Veracode
added 2026/02/18 8:2 a.m., 2 views

Directory Traversal

redaxo/source is vulnerable to Directory Traversal. The vulnerability is due to improper validation of the EXPDIR POST parameter in the Backup addon's file export functionality, which allows an authenticated attacker with backup permissions to supply crafted relative paths and read arbitrary file...

CVSS 8.3, AI score 5.8, EPSS 0.00027
Exploits: 3, References: 3, Affected Software: 1
Veracode
added 2025/12/13 7:20 a.m., 3 views

Remote Code Execution (RCE)

redaxo/source is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation of template content allowing PHP code injection, which allows an attacker to execute arbitrary operating system commands when the template is rendered...

CVSS 7.2, AI score 6.2, EPSS 0.00582
Exploits: 2, References: 4, Affected Software: 1
Veracode
added 2025/03/11 1:35 a.m., 7 views

Arbitrary File Upload

redaxo/source is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files in the mediapool/media page, allowing attackers to upload and potentially execute malicious files...

CVSS 5.4, AI score 6.8, EPSS 0.00253
Exploits: 1, References: 4, Affected Software: 1
Veracode
added 2025/03/10 3:56 p.m., 8 views

Cross-site Scripting (XSS)

redaxo/source is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization and insufficient input validation of the rex-api-result parameter, allowing attackers to inject malicious scripts on the AddOns page...

CVSS 6.1, AI score 6.4, EPSS 0.00642
Exploits: 1, References: 3, Affected Software: 1
Snyk
added 2025/03/05 6:31 p.m., 4 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the mediapool/media page. An attacker can execute malicious code and potentially distribute malware by uploading a file with a modified filename and content-type to masquerade as a benign file type, then tricki...

CVSS 5.4, AI score 7.3, EPSS 0.00253
Exploits: 1, References: 2
Veracode
added 2025/02/12 6:57 a.m., 6 views

Cross-Site Scripting (XSS)

redaxo/source is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the "Article Name" argument in the Structure Management Page, allowing remote attackers to inject malicious scripts...

CVSS 5.4, AI score 6.3, EPSS 0.00129
Exploits: 1, References: 5, Affected Software: 1
Veracode
added 2025/01/13 7:34 a.m., 6 views

Stored Cross-site Scripting (XSS)

redaxo/source is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the /media/test.html component, allowing attackers to inject malicious scripts into the password parameter...

CVSS 5.4, AI score 6.1, EPSS 0.00465
Exploits: 1, References: 4, Affected Software: 1
Veracode
added 2024/11/25 10:51 a.m., 6 views

Cross-site Scripting (XSS)

redaxo/source is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of data in the mediapool feature, allowing a remote attacker to escalate privileges...

CVSS 5.4, AI score 6.5, EPSS 0.01041
Exploits: 1, References: 7, Affected Software: 1
Snyk
added 2024/10/16 9:42 p.m., 2 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper verification of PHP code as cronjob. An attacker can execute arbitrary code on the server by creating a maliciously crafted cronjob. Remediation: There is no fixed version for redaxo/sourc...

CVSS 8.4, AI score 8.1, EPSS 0.01982
Exploits: 1, References: 2