CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18200
https://notcve.org/view.php?id=CVE-2018-18200
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. Hay una inyección SQL en Benutzerverwaltung en REDAXO en versiones anteriores a la 5.6.4. • https://github.com/redaxo/redaxo/releases/tag/5.6.4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18199
https://notcve.org/view.php?id=CVE-2018-18199
Mediamanager in REDAXO before 5.6.4 has XSS. Mediamanager en REDAXO en versiones anteriores a la 5.6.4 tiene Cross-Site Scripting (XSS). • https://github.com/redaxo/redaxo/releases/tag/5.6.4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17831
https://notcve.org/view.php?id=CVE-2018-17831
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. En REDAXO en versiones anteriores a la 5.6.3, se ha descubierto una vulnerabilidad crítica de inyección SQL en la clase rex_list debido a la función prepareQuery en core/lib/list.php, mediante el parámetro sort en index.php?page=users/users. • https://github.com/redaxo/redaxo/issues/2043 https://github.com/redaxo/redaxo/releases/tag/5.6.3 https://redaxo.org/cms/news/sicherheitsluecke-und-neue-yform-version • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 3CVE-2012-3869 – Redaxo 4.4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-3869
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en include/classes/class.rex_list.inc.php en REDAXO v4.3.x y v4.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'subpage' a index.php. Redaxo version 4.4 suffers from a cross site scripting vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0142.html http://secunia.com/advisories/49904 http://www.redaxo.org/de/download/sicherheitshinweise http://www.securityfocus.com/bid/54670 https://www.htbridge.com/advisory/HTB23098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •