CVE-2024-46210 – An arbitrary file upload vulnerability in Redax... (How to Fix)

Q: What is the severity of CVE-2024-46210?

CVE-2024-46210 has a CVSS score of 7.2 (HIGH). An arbitrary file upload vulnerability in Redaxo CMS v5.17.1 allows attackers to upload malicious files through the MediaPool module. This can lead to remote code execution on affected systems. All Redaxo CMS installations using version 5.17.1 are vulnerable.

📋 TL;DR

An arbitrary file upload vulnerability in Redaxo CMS v5.17.1 allows attackers to upload malicious files through the MediaPool module. This can lead to remote code execution on affected systems. All Redaxo CMS installations using version 5.17.1 are vulnerable.

💻 Affected Systems

Products:

Redaxo CMS

Versions: v5.17.1

Operating Systems: All platforms running Redaxo CMS

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects installations with MediaPool module enabled (default).

📦 What is this software?

Redaxo by Redaxo

View all CVEs affecting Redaxo →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through remote code execution, allowing attackers to install backdoors, steal data, or pivot to other systems.

🟠

Likely Case

Webshell deployment leading to data exfiltration, defacement, or use as part of a botnet.

🟢

If Mitigated

File upload blocked or sanitized, preventing malicious file execution.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet without authentication.

🏢 Internal Only: MEDIUM - Requires internal network access but still dangerous if exploited.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Proof-of-concept available in GitHub repository. Requires authenticated access to MediaPool module.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.17.2 or later

Vendor Advisory: https://github.com/redaxo/redaxo/releases/tag/5.17.2

Restart Required: No

Instructions:

1. Backup your Redaxo installation. 2. Download Redaxo v5.17.2 or later from official repository. 3. Replace affected files with patched version. 4. Verify MediaPool module functionality.

🔧 Temporary Workarounds

Disable MediaPool module

all

Temporarily disable the vulnerable MediaPool module to prevent exploitation.

Navigate to Redaxo admin panel > Modules > MediaPool > Deactivate

Restrict file upload extensions

Apache

Configure web server to block upload of executable file types.

Add to .htaccess: <FilesMatch "\.(php|phtml|php3|php4|php5|phps|pl|py|jsp|asp|sh|cgi)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

Implement strict file upload validation in application layer
Deploy WAF rules to block malicious file uploads

🔍 How to Verify

Check if Vulnerable:

Check Redaxo version in admin panel or via 'composer show redaxo/redaxo' command.

Check Version:

php redaxo/bin/console version:show

Verify Fix Applied:

Verify version is 5.17.2 or later and test file upload functionality with malicious files.

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads to MediaPool directory
POST requests with suspicious file extensions
Webshell access patterns

Network Indicators:

Outbound connections from web server to unknown IPs
Unusual traffic patterns from CMS server

SIEM Query:

source="web_logs" AND (uri_path="/redaxo/index.php?page=mediapool/upload" OR file_extension IN ("php", "phtml", "jsp"))

📊 Metadata

CVE ID: CVE-2024-46210

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

EPSS Score: 0.29% exploit probability (52.2th percentile)

Published: January 10, 2025

Last Updated: June 13, 2025

🔗 References

https://gist.github.com/h4ckr4v3n/26eaa57d94f749b597ede8b404c234df Third Party Advisory
https://github.com/h4ckr4v3n/research_redaxo_5_17_1.git Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46210, you might also want to check these: