PT-2021-22589 · Yakamara Media · Redaxo Cms
Evildrummer · Published 2021-09-09 · Updated 2022-03-31
CVE-2021-39459
CVSS v2.0 · 9.0 High · Vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Yakamara Media Redaxo CMS version 5.12.1
Description:
The issue allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. This is achieved through the modules component in the CMS.
Recommendations:
For Yakamara Media Redaxo CMS version 5.12.1, consider disabling the modules component until a patch is available to prevent remote code execution. Restrict access to the CMS to minimize the risk of exploitation by authenticated users.
Exploit · Fix · RCE · OS Command Injection
Affected Products
Redaxo Cms