Cyber Resilience

CVE-2024-46210

Severity: High
Published: 10 January 2025
Modified: 13 June 2025
CVSS v3.1 score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0036 (58.5th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-46210 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Redaxo CMS (vendor Redaxo). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 41.5% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-46210 is an arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS version 5.17.1. The flaw, associated with CWE-434 (Unrestricted Upload of File with Dangerous Type), enables attackers to execute arbitrary code by uploading a crafted file. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-10.

The vulnerability can be exploited over the network by attackers with high privileges, such as authenticated administrative users, requiring low complexity and no user interaction. Successful exploitation allows remote code execution, resulting in high impacts on confidentiality, integrity, and availability within the affected system's scope.

References include a GitHub Gist at https://gist.github.com/h4ckr4v3n/26eaa57d94f749b597ede8b404c234df and a research repository at https://github.com/h4ckr4v3n/research_redaxo_5_17_1.git. No specific mitigation or patch details from advisories are provided in the available information.


Vulnerability details

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file.

CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The arbitrary file upload vulnerability in the Redaxo CMS MediaPool enables exploitation of a public-facing web application (T1190) to upload crafted PHP files for remote code execution, equivalent to deploying web shells (T1100, T1505.003). Authenticated RCE via templates and cronjobs further facilitates server-side code execution.

CVEs Like This One

CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)
CVE-2025-32957 (shared CWE-434)

Affected Assets

Vendor: redaxo
Product: redaxo
Version: 5.17.1

Mitigating Controls (NIST 800-53 r5)

Prevent, SI-10 (Information Input Validation): Directly prevents arbitrary file upload vulnerabilities by validating uploaded files in the MediaPool module for expected content, type, and format, blocking dangerous crafted files.

Prevent: Enforces restrictions on file types and content at upload interfaces, mitigating unrestricted uploads of executable code in the Redaxo CMS MediaPool.
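As an added example (not Redaxo's own code or its MediaPool implementation), this is the kind of upload validation the two SI-10 controls above describe, written in Python: allowlisted extension, magic-byte match against the declared type, rejection of double extensions and embedded script markers, and a server-generated storage name. The allowlist, marker list and sample bytes are constructed for the example.

```python
import os
import re
import secrets

# Allowlisted extensions with the magic bytes each must start with (constructed for this example).
ALLOWED_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
# Extensions a web server may hand to an interpreter; never accepted, not even as a middle part.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "sh"}
# Server-side script markers that have no place inside a media file (coarse polyglot check).
SCRIPT_MARKERS = (b"<?php", b"<script")


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message names the failed check."""


def validate_upload(filename: str, data: bytes) -> str:
    """Validate a media-pool upload and return a server-generated storage name."""
    # Drop any path component and normalise case so 'Shell.PHP' and '../x.png' get no special treatment.
    base = os.path.basename(filename.replace("\\", "/")).lower()
    if not re.fullmatch(r"[a-z0-9_.-]+", base):
        raise UploadRejected("filename contains characters outside [a-z0-9_.-]")
    parts = base.split(".")
    if len(parts) < 2 or not parts[0]:
        raise UploadRejected("filename has no extension or no base name")
    ext = parts[-1]
    if ext not in ALLOWED_SIGNATURES:
        raise UploadRejected(f"extension {ext!r} is not allowlisted")
    # Double extensions such as shell.php.png are rejected outright.
    if any(part in EXECUTABLE_EXTENSIONS for part in parts[1:-1]):
        raise UploadRejected("executable extension embedded in filename")
    if not data.startswith(ALLOWED_SIGNATURES[ext]):
        raise UploadRejected("content does not match the declared type")
    # Magic bytes alone do not stop a polyglot (valid image plus script body), so scan the body too.
    if any(marker in data for marker in SCRIPT_MARKERS):
        raise UploadRejected("server-side script marker found in content")
    # Never persist the client-chosen name; the stored name carries only the validated extension.
    return f"{secrets.token_hex(16)}.{ext}"


def upload_allowed(filename: str, data: bytes) -> bool:
    """Convenience wrapper: True when validate_upload accepts the file, False otherwise."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False
```

Content scanning is a heuristic, so storing uploads outside the document root, or in a location the web server never hands to an interpreter, remains the complementary control.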

Prevent, SI-2 (Flaw Remediation): Remediates the specific flaw in the Redaxo CMS v5.17.1 MediaPool through timely identification, reporting, and patching, eliminating the arbitrary code execution vulnerability.
