CVE-2024-46209 PoC — Yakamara Media Redaxo CMS Security Vulnerability

Source
Associated Vulnerability
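Title: Yakamara Media Redaxo CMS Security Vulnerability (CVE-2024-46209)
Description: Yakamara Media Redaxo CMS is an open-source web portal content management system from the Yakamara Media organization. The system supports custom modules, plugin extensions, project backups, and more. Yakamara Media Redaxo CMS v5.17.1 contains a security vulnerability: a stored cross-site scripting (XSS) flaw that allows an attacker to execute arbitrary web script or HTML by injecting a crafted payload.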
Readme
# Redaxo Security Research (CVE-2024-46209, CVE-2024-46210)

Redaxo CMS v5.17.1 security research
Completed at 09 August 2024

Contains detailed description of:

- CVE-2024-46210 - Stored Cross-Site Scripting via file Upload in MediaPool module
- CVE-2024-46209 - Authenticated arbitrary code execution.
File Snapshot

[4.0K] /data/pocs/38d607a95682809255975db1e23b709d0836db09
├── [ 299] README.md
└── [1.8M] REDAXO Stored XSS + RCE.pdf

0 directories, 2 files