CVE-2024-46213

Severity: 7.2 HIGH (CVSS base score)

📋 TL;DR

REDAXO CMS v2.11.0 contains a remote code execution (RCE) vulnerability in the Cronjobs AddOn. An attacker with authenticated access to the CMS backend can use the AddOn to execute arbitrary code with the privileges of the web server process, so a weak, stolen or rogue backend account can lead to full compromise of the host. All installations running the vulnerable version with the Cronjobs AddOn installed and active are affected.

💻 Affected Systems

Products:
  • REDAXO CMS
Versions: v2.11.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Cronjobs AddOn to be installed and configured.

📦 What is this software?

REDAXO is an open-source content management system written in PHP. Optional functionality is packaged as AddOns; the Cronjobs AddOn referenced throughout this advisory is the component that schedules and runs recurring tasks from the backend.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server takeover with the attacker gaining full control, data exfiltration, and lateral movement to other systems.

🟠 Likely Case: Website defacement, data theft, malware deployment, and creation of persistent backdoors.

🟢 If Mitigated: Limited impact if proper network segmentation and least-privilege principles are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the CMS backend.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

1. Check REDAXO website for security updates
2. Upgrade to patched version when available
3. Monitor vendor communications

🔧 Temporary Workarounds

Disable Cronjobs AddOn (applies to all platforms)

Remove or disable the Cronjobs AddOn, which is the component exploited here. Navigate to REDAXO backend > AddOns and disable (or uninstall) the Cronjobs AddOn. This also stops any legitimate scheduled jobs the site depends on, so confirm with the site owners before disabling it in production.

Restrict Admin Access (applies to all platforms)

Limit access to the REDAXO backend (the /redaxo/ directory) to trusted source addresses by adding IP restrictions to .htaccess or the web server configuration. Because exploitation requires a backend login, this shrinks the set of hosts from which a stolen or weak credential can be used; it does not protect against a malicious or compromised host inside the trusted range.
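An added example of the IP restriction described above; it is not configuration shipped with REDAXO. It assumes Apache 2.4 (Require directives), that the backend lives under /redaxo/ as on the verify step's URL, and uses the documentation ranges 203.0.113.0/24 and 198.51.100.7 as placeholders for your own admin networks.

```apache
# Added example for Apache 2.4, not REDAXO project configuration.
# Place in the virtual host that serves the site. The <RequireAny> block
# alone can instead go into the .htaccess of the redaxo/ directory when
# AllowOverride AuthConfig is permitted for that directory.
<Location "/redaxo/">
    <RequireAny>
        # Placeholder admin ranges: replace with your trusted networks.
        Require ip 203.0.113.0/24
        Require ip 198.51.100.7
    </RequireAny>
</Location>
```

Test it by requesting /redaxo/ from an address outside the list and confirming a 403, then check that the public site still renders, since anything the frontend loads from under /redaxo/ is blocked as well. Behind a reverse proxy or CDN, Apache sees the proxy's address rather than the client's, so `Require ip` must be combined with mod_remoteip (`RemoteIPHeader` plus `RemoteIPInternalProxy` for the proxy addresses); otherwise the rule either locks everyone out or lets everyone in.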

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the REDAXO server, so that code run through a cronjob cannot reach internal systems
  • Reduce the set of backend accounts that can log in and manage cronjobs, and enforce strong, unique passwords on those that remain; exploitation needs one of them
  • Run PHP under a dedicated low-privilege user so that code executed through a cronjob inherits as few rights as possible
  • Enable detailed logging and monitoring for suspicious admin activities, in particular cronjob creation and edits

🔍 How to Verify

Check if Vulnerable:

Check the REDAXO version in the admin dashboard or via /redaxo/index.php?page=system/status, and check under AddOns whether the Cronjobs AddOn is installed and active. An installation is exposed only when both hold: version v2.11.0 and an active Cronjobs AddOn.

Check Version:

Read the version from the REDAXO admin dashboard, or from the installation files on disk when the backend is already locked down.

Verify Fix Applied:

Verify that the installed version is no longer v2.11.0. If you rely on the workaround instead, verify that the Cronjobs AddOn shows as disabled in the backend or has been removed from the installation.
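The on-disk variant of the checks above, as an added example that is not part of this advisory or of REDAXO itself. It assumes the REDAXO 5 file layout named in its docstring (core and AddOn metadata in package.yml files, AddOn install/active flags in redaxo/data/core/packages.yml), takes the affected version string from this page, and builds a constructed sample tree so it runs without a real installation; pointing it at a real web root (for example `python3 check_redaxo.py /var/www/site`, a hypothetical file name) reads the real files instead.

```python
"""Added example, not REDAXO project code: offline check of a REDAXO install tree.

Assumed layout (confirm against your own install before trusting the result):
  <root>/redaxo/src/core/package.yml            core version ("version: '5.x.y'")
  <root>/redaxo/src/addons/cronjob/package.yml  Cronjobs AddOn version
  <root>/redaxo/data/core/packages.yml          per-addon install/status flags
AFFECTED_VERSION is the v2.11.0 named in the advisory; it is compared against
both files because REDAXO core releases themselves use 5.x numbering.
"""
from __future__ import annotations

import re
import sys
import tempfile
from pathlib import Path

AFFECTED_VERSION = "2.11.0"
_VERSION_RE = re.compile(r"^version:\s*['\"]?([^'\"\s]+)['\"]?\s*$", re.MULTILINE)


def read_package_version(package_yml: Path) -> str | None:
    """Return the top-level 'version' value of a package.yml, or None if absent.

    A narrow regex is used on purpose so the script needs no PyYAML."""
    if not package_yml.is_file():
        return None
    match = _VERSION_RE.search(package_yml.read_text(encoding="utf-8"))
    return match.group(1) if match else None


def addon_state(packages_yml: Path, addon: str) -> dict[str, bool]:
    """Return {'install': bool, 'status': bool} for one addon from packages.yml.

    Expected shape (assumed):
        cronjob:
            install: true
            status: true
    A missing file or missing keys default to False (not installed / not active)."""
    state = {"install": False, "status": False}
    if not packages_yml.is_file():
        return state
    in_block = False
    for line in packages_yml.read_text(encoding="utf-8").splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # any top-level key ends the current block
            in_block = line.rstrip() == f"{addon}:"
            continue
        if in_block:
            key, _, value = line.strip().partition(":")
            if key in state:
                state[key] = value.strip().lower() == "true"
    return state


def assess(root: Path) -> dict[str, object]:
    """Collect versions and AddOn state, then decide whether the install is exposed."""
    core_version = read_package_version(root / "redaxo/src/core/package.yml")
    addon_version = read_package_version(root / "redaxo/src/addons/cronjob/package.yml")
    cronjob = addon_state(root / "redaxo/data/core/packages.yml", "cronjob")
    version_match = AFFECTED_VERSION in (core_version, addon_version)
    if version_match and cronjob["status"]:
        verdict = "VULNERABLE"            # affected version and the AddOn is active
    elif version_match:
        verdict = "MITIGATED"             # affected version, AddOn disabled (workaround)
    else:
        verdict = "NOT_AFFECTED_VERSION"
    return {"core_version": core_version, "cronjob_version": addon_version,
            "cronjob_installed": cronjob["install"], "cronjob_active": cronjob["status"],
            "verdict": verdict}


def make_sample_tree(root: Path, cronjob_version: str, active: bool) -> Path:
    """Write a constructed, minimal REDAXO-like tree so the checker can run offline."""
    for sub in ("redaxo/src/core", "redaxo/src/addons/cronjob", "redaxo/data/core"):
        (root / sub).mkdir(parents=True, exist_ok=True)
    (root / "redaxo/src/core/package.yml").write_text("package: core\nversion: '5.0.0'\n")
    (root / "redaxo/src/addons/cronjob/package.yml").write_text(
        f"package: cronjob\nversion: '{cronjob_version}'\n")
    (root / "redaxo/data/core/packages.yml").write_text(
        f"cronjob:\n    install: true\n    status: {str(active).lower()}\n"
        "backup:\n    install: true\n    status: true\n")
    return root


def demo(cronjob_version: str = AFFECTED_VERSION, active: bool = True) -> dict[str, object]:
    """Assess a throwaway sample tree (used for the stand-alone run)."""
    with tempfile.TemporaryDirectory() as tmp:
        return assess(make_sample_tree(Path(tmp), cronjob_version, active))


if __name__ == "__main__":
    result = assess(Path(sys.argv[1])) if len(sys.argv) > 1 else demo()
    for key, value in result.items():
        print(f"{key}: {value}")
```

A MITIGATED verdict only means the workaround is in place; the vulnerable code is still on disk and re-enabling the AddOn in the backend reverts it, so treat it as a stopgap until the version check passes.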

📡 Detection & Monitoring

Log Indicators:

  • Cronjob executions nobody on the team scheduled, or cronjobs whose definition changed recently
  • New or modified PHP files under the web root (for example in upload or cache directories) that are not part of the release
  • Unexpected system command execution: the web server or PHP process (php-fpm, apache2) spawning shells or other child processes

Network Indicators:

  • Unusual outbound connections from the web server, such as to addresses it has no business reaching (reverse shells, download of second-stage tooling)

SIEM Query:

Search web server access logs for requests to the REDAXO backend (index.php) whose query string references the cronjob page, and look among them for POST requests from unfamiliar source addresses or outside normal administration hours; a 'cronjob' or 'exec' substring in the request line is a reasonable first filter. POST bodies, where a cronjob definition would be submitted, are not written to access logs, so confirm hits against the backend's own log and the list of configured cronjobs.
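The query above, turned into detection logic run over sample log lines; this is an added example, not part of the advisory or of REDAXO. It assumes the backend entry point is /redaxo/index.php with the page selected by the `page=` parameter (the form the verify step uses) and that the AddOn's pages carry `page=cronjob...`. The log lines are constructed samples and the parameter names in them are illustrative, not claimed to be REDAXO's actual ones.

```python
"""Added example, not REDAXO project code: flag backend requests that touch the
Cronjobs AddOn in combined-format (Apache/nginx) access logs.

Assumptions: backend at /redaxo/index.php, page chosen with `page=`, AddOn pages
carrying `page=cronjob...`. SAMPLE_LOG is constructed; its parameter names are
illustrative rather than REDAXO's real ones.
"""
from __future__ import annotations

import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

BACKEND_PATH = "/redaxo/index.php"  # assumed default backend location

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

SAMPLE_LOG = """\
203.0.113.10 - - [12/Oct/2024:09:14:02 +0000] "GET /redaxo/index.php?page=cronjob/cronjobs HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Oct/2024:09:15:40 +0000] "GET /redaxo/index.php?page=structure HTTP/1.1" 200 8831 "-" "Mozilla/5.0"
198.51.100.77 - - [12/Oct/2024:03:02:11 +0000] "POST /redaxo/index.php?page=cronjob/cronjobs&func=add HTTP/1.1" 302 0 "-" "python-requests/2.31"
198.51.100.77 - - [12/Oct/2024:03:02:15 +0000] "GET /redaxo/index.php?page=cronjob/cronjobs&func=exec&id=7 HTTP/1.1" 200 212 "-" "python-requests/2.31"
"""


def parse_line(line: str) -> dict | None:
    """Split one access-log line into fields plus the decoded query parameters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec: dict = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = {k: v[0] for k, v in parse_qs(url.query).items()}
    return rec


def classify(rec: dict, trusted: list) -> str | None:
    """Return a reason string for a suspicious cronjob-page request, else None.

    A plain GET of the cronjob page from a trusted admin range is routine
    administration and is not reported; everything else on that page is."""
    if rec["path"] != BACKEND_PATH or not rec["query"].get("page", "").startswith("cronjob"):
        return None
    reasons = []
    if rec["method"] == "POST":
        reasons.append("POST to cronjob page (job created or edited)")
    if any("exec" in v.lower() for v in rec["query"].values()):
        reasons.append("'exec' in query string")
    try:
        src = ipaddress.ip_address(rec["ip"])
        outside = not any(src in net for net in trusted)
    except ValueError:          # hostname instead of an address: treat as untrusted
        outside = True
    if outside:
        reasons.append(f"source {rec['ip']} outside trusted admin ranges")
    return "; ".join(reasons) or None


def analyze(log_text: str, trusted_cidrs: list[str]) -> list[dict]:
    """Run classify() over every parseable line and return the findings in log order."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reason = classify(rec, trusted)
        if reason:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "method": rec["method"],
                             "target": rec["target"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, ["203.0.113.0/24"]):
        print(f"{f['ts']} {f['ip']} {f['method']} {f['target']}\n    -> {f['reason']}")
```

Feed it the real access log and the same trusted ranges used for the web server restriction; a POST to the cronjob page from outside those ranges is the highest-value hit, since it is the request that would carry a new or edited job definition.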
