Input validation error in REDAXO - #VU135822

 

Published: June 29, 2026


Vulnerability identifier: #VU135822
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: REDAXO
Affected software:
REDAXO

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper input validation in the rex_list component when processing the sort GET parameter for ORDER BY clauses. A remote user can supply a crafted sort parameter to disclose sensitive information.

Error messages can confirm whether referenced columns exist, and query results can be reordered using unselected sensitive columns from the underlying tables.
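One way to close both leaks described above, shown as an added example that is not REDAXO's code or the vendor's fix: sorting is restricted to the columns the list already selects, and every other value falls back silently to a default. The helper name `buildOrderBy`, the `direction` parameter and the sample column names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Build an ORDER BY clause from untrusted request values.
 * Hypothetical helper for illustration; not part of REDAXO or rex_list.
 *
 * @param string[] $selectedColumns columns the list selects and displays
 */
function buildOrderBy(array $selectedColumns, ?string $sort, ?string $direction, string $defaultColumn): string
{
    // Only columns already visible in the result set may drive the ordering,
    // so row order cannot reveal values of unselected columns.
    // Unselected and nonexistent names take the same fallback path, which
    // means the response never confirms whether a column exists.
    $column = in_array($sort, $selectedColumns, true) ? $sort : $defaultColumn;

    // Direction is mapped to one of two fixed keywords, never copied through.
    $dir = strtoupper((string) $direction) === 'DESC' ? 'DESC' : 'ASC';

    // The identifier comes from the allowlist and is still quoted (MySQL style).
    return 'ORDER BY `' . str_replace('`', '``', $column) . '` ' . $dir;
}

// Constructed sample: a list that selects id, name and email only.
$selected = ['id', 'name', 'email'];

// Constructed request values standing in for $_GET.
$requests = [
    ['sort' => 'name', 'direction' => 'desc'],          // selected column
    ['sort' => 'password', 'direction' => 'asc'],       // exists in table, not selected
    ['sort' => 'no_such_column', 'direction' => 'asc'], // does not exist
    [],                                                 // no sort requested
];

foreach ($requests as $get) {
    echo buildOrderBy($selected, $get['sort'] ?? null, $get['direction'] ?? null, 'id'), PHP_EOL;
}
```

The second and third requests produce the same clause as the request with no sort at all, so neither an error message nor the row order distinguishes a real hidden column from a name that does not exist.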


Remediation

Install the security update from the vendor's website.
