Vendor
high
threat
Redaxo CMS Mediapool Addon Arbitrary File Upload Vulnerability (CVE-2018-25353)
2 rules 1 TTP 1 CVERedaxo CMS Mediapool Addon version 5.5.1 and older contains an arbitrary file upload vulnerability (CVE-2018-25353) that allows authenticated users to bypass file extension blacklist restrictions, leading to arbitrary code execution.
Mediapool Addon
file-upload
web-application
code-execution
2r
1t
1c
high
advisory
Redaxo CMS MyEvents Addon SQL Injection Vulnerability (CVE-2018-25319)
2 rules 1 TTP 1 CVERedaxo CMS Addon MyEvents version 2.2.1 contains an SQL injection vulnerability (CVE-2018-25319) that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter, enabling the extraction or modification of sensitive database information.
MyEvents Addon 2.2.1
sqli
cve-2018-25319
redaxo
2r
1t
1c