Description
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
References
https://github.com/evildrummer/CVE-2021-XYZ
ExploitThird Party Advisory
https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39459
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-09-09T12:15:09.980
3 years agoLast modified
2022-03-31T19:45:41.277
3 years ago