evildrummer

4 exploits Active since Sep 2021
CVE-2021-39458 WRITEUP MEDIUM WRITEUP
Redaxo 5.12.1 - Authenticated Sensitive Information Exposure via Import Error Page
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1, which an authenticated CMS user can do by altering the files of a valid file backup, leaks the database credentials in the environment variables.
CVSS 6.5
CVE-2021-39459 WRITEUP HIGH WORKING POC
Redaxo CMS 5.12.1 - Authenticated Remote Code Execution via Malicious Module
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
CVSS 7.2
CVE-2022-29347 WRITEUP CRITICAL WRITEUP
Web@rchiv 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via PHP File
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file.
CVSS 9.8
CVE-2024-25301 WRITEUP HIGH WRITEUP
Redaxo 5.15.1 - Remote Code Execution via Templates Component
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
CVSS 7.2