CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18200
https://notcve.org/view.php?id=CVE-2018-18200
09 Oct 2018 — There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. Hay una inyección SQL en Benutzerverwaltung en REDAXO en versiones anteriores a la 5.6.4. • https://github.com/redaxo/redaxo/releases/tag/5.6.4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18199
https://notcve.org/view.php?id=CVE-2018-18199
09 Oct 2018 — Mediamanager in REDAXO before 5.6.4 has XSS. Mediamanager en REDAXO en versiones anteriores a la 5.6.4 tiene Cross-Site Scripting (XSS). • https://github.com/redaxo/redaxo/releases/tag/5.6.4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17831
https://notcve.org/view.php?id=CVE-2018-17831
01 Oct 2018 — In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. En REDAXO en versiones anteriores a la 5.6.3, se ha descubierto una vulnerabilidad crítica de inyección SQL en la clase rex_list debido a la función prepareQuery en core/lib/list.php, mediante el parámetro sort en index.php?p... • https://github.com/redaxo/redaxo/issues/2043 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2006-2845 – Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2845
06 Jun 2006 — PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. • https://www.exploit-db.com/exploits/1861 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2006-2844 – Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2844
06 Jun 2006 — Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. • https://www.exploit-db.com/exploits/1861 •