Product
redaxo
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2016-20053
all versions
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative
5.3
MEDIUM
CVE-2026-21857
< 5.20.2
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arb
6.5
MEDIUM
CVE-2025-66026
< 5.20.1
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the Mediapool v
6.1
MEDIUM
CVE-2025-64050
all versions
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated
7.2
HIGH
CVE-2025-64049
all versions
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to i
4.8
MEDIUM
CVE-2025-27412
>= 5.0 and < 5.18.3
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site
6.1
MEDIUM
CVE-2025-27411
< 5.18.3
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerab
5.4
MEDIUM
CVE-2024-46210
all versions
An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code vi
7.2
HIGH
CVE-2024-13209
all versions
A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file
2.4
LOW
CVE-2024-46209
all versions
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to exec
5.4
MEDIUM
CVE-2024-50803
all versions
The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting (XSS) which allows a remote
5.4
MEDIUM
CVE-2024-46213
all versions
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.
7.2
HIGH
CVE-2024-46212
all versions
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.
4.9
MEDIUM
CVE-2024-25298
all versions
An issue discovered in REDAXO version 5.15.1 allows attackers to execute arbitrary code and obtain sensitive information via
7.2
HIGH
CVE-2024-25301
all versions
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
7.2
HIGH
CVE-2024-25300
all versions
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a craft
4.8
MEDIUM
CVE-2021-39459
all versions
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to exe
7.2
HIGH
CVE-2021-39458
all versions
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to
6.5
MEDIUM
CVE-2018-18200
< 5.6.4
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
9.8
CRITICAL
CVE-2018-18199
< 5.6.4
Mediamanager in REDAXO before 5.6.4 has XSS.
6.1
MEDIUM
CVE-2018-18198
all versions
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output dir
6.1
MEDIUM
CVE-2018-17831
< 5.6.3
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQue
9.8
CRITICAL
CVE-2018-17830
all versions
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restrict
5.4
MEDIUM
CVE-2018-15850
all versions
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?pag
8.8
HIGH
CVE-2012-3869
all versions
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers
CVE-2006-2845
all versions
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in
CVE-2006-2844
all versions
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in
CVE-2006-2843
all versions
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1)
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin