CVE-2024-46210

Name of the Vulnerable Software and Affected Versions: Redaxo CMS version 5.17.1

Description: An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS allows attackers to execute arbitrary code via uploading a crafted file.

Recommendations: For Redaxo CMS version 5.17.1, consider disabling the MediaPool module until a patch is available to prevent arbitrary code execution. Restrict access to the file upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.