VYPR

Redaxo CMS

by Yakamara Media

CVEs (2)

  • CVE-2021-39459HigSep 9, 2021
    risk 0.47cvss 7.2epss 0.05

    Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.

  • CVE-2021-39458MedSep 9, 2021
    risk 0.42cvss 6.5epss 0.01

    Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.