CVE-2024-25298
https://notcve.org/view.php?id=CVE-2024-25298
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. Se descubrió un problema en REDAXO versión 5.15.1, que permite a los atacantes ejecutar código arbitrario y obtener información confidencial a través de module.modules.php. • https://github.com/CpyRe/I-Find-CVE-2024/blob/main/REDAXO%20RCE.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-25300
https://notcve.org/view.php?id=CVE-2024-25300
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. Una vulnerabilidad de Cross-Site Scripting (XSS) en Redaxo v5.15.1 permite a los atacantes ejecutar scripts o HTML arbitraios a través de un payload manipulado inyectado en el parámetro Nombre en la sección Plantilla. • https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-25301
https://notcve.org/view.php?id=CVE-2024-25301
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. Se descubrió que Redaxo v5.15.1 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del componente /pages/templates.php. • https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/RCE.md https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39459 • CWE-94: Improper Control of Generation of Code ('Code Injection') •