Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. | |||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. | |||||