{"id":"CVE-2021-39458","details":"Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.","modified":"2026-05-15T09:15:50.327391Z","published":"2021-09-09T12:15:09.870Z","references":[{"type":"EVIDENCE","url":"https://github.com/evildrummer/CVE-2021-XYZ2"},{"type":"EVIDENCE","url":"https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39458"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redaxo/core","events":[{"introduced":"0"},{"last_affected":"24afa7042b6d4b1857de46f08efc3a1b06fb0b04"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"5.12.1"}],"cpe":"cpe:2.3:a:redaxo:redaxo:5.12.1:*:*:*:*:*:*:*"}}],"versions":["5.12.1","5.12.0","5.12.0-beta3","5.12.0-beta2","5.12.0-beta1","5.11.0","5.11.0-beta1","5.10.0","5.10.0-beta2","5.10.0-beta1","5.9.0","5.9.0-beta2","5.9.0-beta1","5.8.0","5.8.0-beta1","5.7.0","5.7.0-beta3","5.7.0-beta2","5.7.0-beta1","5.6.1","5.6.0","5.6.0-beta1","5.5.1","5.5.0","5.5.0-beta1","5.4.0","5.4.0-beta2","5.4.0-beta1","5.3.0","5.2.0","5.2.0-beta1","5.1.0","5.0.1","5.0.0","5.0.0-rc","5.0.0-beta2","5.0.0-beta1","5.0.0-alpha7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39458.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}