CVE-2024-25298: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

February 17, 2024 (updated February 20, 2024)

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.

References

github.com/CpyRe/I-Find-CVE-2024/blob/main/REDAXO%20RCE.md
github.com/advisories/GHSA-7f2v-5877-rx3x
nvd.nist.gov/vuln/detail/CVE-2024-25298

Code Behaviors & Features

Detect and mitigate CVE-2024-25298 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →