RSS   Vulnerabilities for 'Redaxo'   RSS

2018-10-09
 
CVE-2018-18200

CWE-89
 

 
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.

 
 
CVE-2018-18199

CWE-79
 

 
Mediamanager in REDAXO before 5.6.4 has XSS.

 
 
CVE-2018-18198

CWE-79
 

 
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.

 
2018-10-01
 
CVE-2018-17831

CWE-89
 

 
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used.

 
 
CVE-2018-17830

CWE-79
 

 
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.

 
2012-08-13
 
CVE-2012-3869

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.

 
2006-06-06
 
CVE-2006-2845

CWE-Other
 

 
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.

 
 
CVE-2006-2844

CWE-Other
 

 
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.

 
 
CVE-2006-2843

CWE-Other
 

 
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.

 

 >>> Vendor: Redaxo 2 Products
Redaxo
Redaxo cms


Copyright 2022, cxsecurity.com

 

Back to Top