Filtered by vendor Redaxo
Subscriptions
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. | ||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. | ||||
| CVE-2018-15850 | 1 Redaxo | 1 Redaxo Cms | 2024-11-21 | N/A |
| An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. | ||||