{"id":"CVE-2024-25298","details":"An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.","aliases":["GHSA-7f2v-5877-rx3x"],"modified":"2026-05-18T05:57:44.469217072Z","published":"2024-02-17T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25298.json"},"references":[{"type":"WEB","url":"https://github.com/CpyRe/I-Find-CVE-2024/blob/main/REDAXO%20RCE.md"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25298.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25298"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redaxo/core","events":[{"introduced":"0"},{"last_affected":"2c350d13c476862748cff6ee927f098910654050"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"5.15.1"}],"cpe":"cpe:2.3:a:redaxo:redaxo:5.15.1:*:*:*:*:*:*:*"}}],"versions":["5.15.1","5.15.0","5.15.0-beta1","5.14.1","5.14.0","5.14.0-beta2","5.14.0-beta1","5.13.2","5.13.1","5.13.0","5.13.0-beta2","5.13.0-beta1","5.12.0","5.12.0-beta3","5.12.0-beta2","5.12.0-beta1","5.11.0","5.11.0-beta1","5.10.0","5.10.0-beta2","5.10.0-beta1","5.9.0","5.9.0-beta2","5.9.0-beta1","5.8.0","5.8.0-beta1","5.7.0","5.7.0-beta3","5.7.0-beta2","5.7.0-beta1","5.6.1","5.6.0","5.6.0-beta1","5.5.1","5.5.0","5.5.0-beta1","5.4.0","5.4.0-beta2","5.4.0-beta1","5.3.0","5.2.0","5.2.0-beta1","5.1.0","5.0.1","5.0.0","5.0.0-rc","5.0.0-beta2","5.0.0-beta1","5.0.0-alpha7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25298.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}