Remote Code Execution Vulnerability in Redaxo v5.15.1
CVE-2024-25301

7.2HIGH

Key Information:

Vendor: Redaxo
Status: Redaxo
Vendor: CVE Published:; 14 February 2024

What is CVE-2024-25301?

Redaxo v5.15.1 has been identified to contain a vulnerability that allows for remote code execution, specifically through its component located at /pages/templates.php. This flaw can be exploited by an attacker to execute arbitrary code on the server, thereby compromising the integrity and confidentiality of the application. Organizations utilizing this version of Redaxo should take immediate action to assess exposure and implement appropriate security measures to mitigate risks associated with potential exploitation.

References

https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-20...

https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-RE...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Feb 7, 2024