📦 Redaxo
by Redaxo
🔍 What is Redaxo?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
A Remote Code Execution vulnerability in REDAXO CMS 5.20.0 allows authenticated administrators to inject PHP code into templates, which executes when visitors access frontend pages. This enables attac...
An arbitrary file upload vulnerability in Redaxo CMS v5.17.1 allows attackers to upload malicious files through the MediaPool module. This can lead to remote code execution on affected systems. All Re...
REDAXO CMS v2.11.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code on affected systems. This affects all installations running the vulnerable version, po...
CVE-2024-25298 is a critical code injection vulnerability in REDAXO CMS version 5.15.1 that allows attackers to execute arbitrary code on affected systems. The vulnerability exists in modules.modules....
CVE-2024-25301 is a remote code execution vulnerability in Redaxo CMS v5.15.1 that allows attackers to execute arbitrary code via the /pages/templates.php component. This affects all systems running t...
This vulnerability allows authenticated users in Redaxo CMS to execute arbitrary PHP code on the server by uploading malicious modules. It affects Redaxo CMS administrators and users with module uploa...
This vulnerability allows authenticated REDAXO users with backup permissions to read arbitrary files within the webroot via path traversal in the Backup addon. Attackers can manipulate the EXPDIR para...
This is a reflected Cross-Site Scripting (XSS) vulnerability in REDAXO CMS that allows arbitrary JavaScript execution in the backend when authenticated users click malicious links. Attackers can steal...
A stored cross-site scripting (XSS) vulnerability in REDAXO CMS 5.20.0 allows remote authenticated users to inject malicious scripts into the module management component. When other users view or edit...
CVE-2025-27412 is a reflected cross-site scripting (XSS) vulnerability in REDAXO CMS that allows attackers to inject malicious scripts via the rex-api-result parameter. This affects administrators and...
A stored cross-site scripting (XSS) vulnerability in REDAXO CMS v5.17.1 allows attackers to inject malicious scripts into the password parameter of the /media/test.html component. This enables executi...
CVE-2024-50803 is a cross-site scripting (XSS) vulnerability in Redaxo CMS's mediapool feature that allows attackers to inject malicious scripts. This affects Redaxo CMS administrators who can access ...