Evildrummer

**Name of the Vulnerable Software and Affected Versions** Redaxo version 5.15.1 **Description** A remote code execution issue was discovered in the /pages/templates.php component, allowing for potential code execution. **Recommendations** For Redaxo version 5.15.1, consider disabling access to the /pages/templates.php component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Web@rchiv version 1.0 **Description** An arbitrary file upload issue allows attackers to execute arbitrary commands via a crafted PHP file. **Recommendations** For Web@rchiv version 1.0, consider disabling the file upload feature until a patch is available to prevent exploitation.

Name of the Vulnerable Software and Affected Versions: Yakamara Media Redaxo CMS version 5.12.1 Description: Triggering an error page of the import process in the CMS allows an authenticated user to alter the files of a valid file backup, leading to the leakage of database credentials in the environment variables. Recommendations: For Yakamara Media Redaxo CMS version 5.12.1, consider restricting access to the import process to prevent authenticated users from triggering the error page and altering file backups until a fix is available. As a temporary workaround, restrict the ability of authenticated CMS users to access and modify backup files to minimize the risk of database credential leakage.

Name of the Vulnerable Software and Affected Versions: Yakamara Media Redaxo CMS version 5.12.1 Description: The issue allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. This is achieved through the modules component in the CMS. Recommendations: For Yakamara Media Redaxo CMS version 5.12.1, consider disabling the modules component until a patch is available to prevent remote code execution. Restrict access to the CMS to minimize the risk of exploitation by authenticated users.