anonhaven
Ad

CVE-2024-46210

HIGH CVSS 3.1: 7.2 EPSS 0.26%
Updated Jun 13, 2025
Redaxo
Parameter Value
CVSS 7.2 (HIGH)
Type CWE-434 (Unrestricted File Upload)
Vendor Redaxo
Public PoC No

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-434 Unrestricted File Upload

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Redaxo Redaxo
cpe:2.3:a:redaxo:redaxo:5.17.1:*:*:*:*:*:*:*

References 2

https://gist.github.com/h4ckr4v3n/26eaa57d94f749b597ede8b404c234df
cve@mitre.org
https://github.com/h4ckr4v3n/research_redaxo_5_17_1.git
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-21857

Redaxo

8.3

CVE-2025-64050

Redaxo

7.2

CVE-2025-27412

Redaxo

6.1

CVE-2025-27411

Redaxo

5.4

CVE-2024-13209

Redaxo

5.1