CVE-2024-50803 PoC — Redaxo 安全漏洞

Source

https://github.com/Praison001/CVE-2024-50803-Redaxo

Associated Vulnerability

Title:Redaxo 安全漏洞 (CVE-2024-50803)
Description:Redaxo是Redaxo开源的一个内容管理系统。 Redaxo v 5.17版本存在安全漏洞，该漏洞源于mediapool功能容易受到跨站脚本攻击，允许远程攻击者提升权限。

Description

Stored XSS in mediapool feature of Redaxo

Readme

# CVE-2024-50803
Stored XSS in mediapool feature of Redaxo

A stored cross-site scripting (XSS) vulnerability was found in Redaxo versions < 5.18.0, allowing attackers with sufficient privileges to upload a malicious SVG file through the mediapool feature.

**Published a write-up**: https://medium.com/@praison66/5d15a3cd054d

Discovered by **Praison**, Sep 2024.

**References**:
    https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2024-50803
    https://github.com/redaxo/redaxo/releases/tag/5.18.0

**Vulnerable versions**: < 5.18.0

**Fix**: Update Redaxo to the latest version - 5.18.0

File Snapshot


 [4.0K]  /data/pocs/0a3199551d43c9f901e55d0227954a724abdb6e2
└── [ 597]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!