CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18200
https://notcve.org/view.php?id=CVE-2018-18200
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. Hay una inyección SQL en Benutzerverwaltung en REDAXO en versiones anteriores a la 5.6.4. • https://github.com/redaxo/redaxo/releases/tag/5.6.4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18199
https://notcve.org/view.php?id=CVE-2018-18199
Mediamanager in REDAXO before 5.6.4 has XSS. Mediamanager en REDAXO en versiones anteriores a la 5.6.4 tiene Cross-Site Scripting (XSS). • https://github.com/redaxo/redaxo/releases/tag/5.6.4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17831
https://notcve.org/view.php?id=CVE-2018-17831
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. En REDAXO en versiones anteriores a la 5.6.3, se ha descubierto una vulnerabilidad crítica de inyección SQL en la clase rex_list debido a la función prepareQuery en core/lib/list.php, mediante el parámetro sort en index.php?page=users/users. • https://github.com/redaxo/redaxo/issues/2043 https://github.com/redaxo/redaxo/releases/tag/5.6.3 https://redaxo.org/cms/news/sicherheitsluecke-und-neue-yform-version • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 1CVE-2006-2845 – Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2845
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. • https://www.exploit-db.com/exploits/1861 http://secunia.com/advisories/20395 http://securityreason.com/securityalert/1043 http://securitytracker.com/id?1016213 http://www.securityfocus.com/archive/1/435733/100/0/threaded http://www.securityfocus.com/bid/18229 http://www.vupen.com/english/advisories/2006/2109 https://exchange.xforce.ibmcloud.com/vulnerabilities/26887 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2006-2844 – Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2844
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. • https://www.exploit-db.com/exploits/1861 http://secunia.com/advisories/20395 http://securityreason.com/securityalert/1043 http://securitytracker.com/id?1016213 http://www.securityfocus.com/archive/1/435733/100/0/threaded http://www.securityfocus.com/bid/18229 http://www.vupen.com/english/advisories/2006/2109 https://exchange.xforce.ibmcloud.com/vulnerabilities/26887 •