Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Redaxo Subscribe
Filtered by product Redaxo

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-17831 1 Redaxo 1 Redaxo 2018-11-21 7.5 HIGH 9.8 CRITICAL
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used.
CVE-2018-18200 1 Redaxo 1 Redaxo 2018-11-21 7.5 HIGH 9.8 CRITICAL
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.