CVE-2024-25298

Name of the Vulnerable Software and Affected Versions: REDAXO version 5.15.1

Description: An issue in REDAXO allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. The vulnerability is related to incorrect code generation management in the addons/structure/plugins/content/pages/modules.modules.php component. This can be exploited by a remote attacker to execute arbitrary code.

Recommendations: For REDAXO version 5.15.1, consider disabling access to the modules.modules.php file until a patch is available. Restrict the use of the addons/structure/plugins/content/pages/modules.modules.php component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.