evildrummer

4 exploits, active since Sep 2021
CVE-2021-39458 | MEDIUM | WRITEUP
Redaxo - Error Information Exposure
In Yakamara Media Redaxo CMS version 5.12.1, an authenticated CMS user can trigger an error page of the import process by altering the files of a valid file backup. This leaks the database credentials in the environment variables.
CVSS 6.5
CVE-2021-39459 | HIGH | WRITEUP, WORKING POC
Redaxo - OS Command Injection
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
CVSS 7.2
CVE-2022-29347 | CRITICAL | WRITEUP
Web@rchiv 1.0 - Code Injection
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file.
CVSS 9.8
CVE-2024-25301 | HIGH | WRITEUP
Redaxo <5.15.1 - RCE
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
CVSS 7.2