{"id":"CVE-2021-39459","details":"Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.","modified":"2026-04-10T04:37:14.939217Z","published":"2021-09-09T12:15:09.980Z","references":[{"type":"EVIDENCE","url":"https://github.com/evildrummer/CVE-2021-XYZ"},{"type":"EVIDENCE","url":"https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39459"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redaxo/redaxo","events":[{"introduced":"0"},{"last_affected":"24afa7042b6d4b1857de46f08efc3a1b06fb0b04"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.12.1"}]}}],"versions":["5.0.0","5.0.0-alpha7","5.0.0-beta1","5.0.0-beta2","5.0.0-rc","5.0.1","5.1.0","5.10.0","5.10.0-beta1","5.10.0-beta2","5.11.0","5.11.0-beta1","5.12.0","5.12.0-beta1","5.12.0-beta2","5.12.0-beta3","5.12.1","5.2.0","5.2.0-beta1","5.3.0","5.4.0","5.4.0-beta1","5.4.0-beta2","5.5.0","5.5.0-beta1","5.5.1","5.6.0","5.6.0-beta1","5.6.1","5.7.0","5.7.0-beta1","5.7.0-beta2","5.7.0-beta3","5.8.0","5.8.0-beta1","5.9.0","5.9.0-beta1","5.9.0-beta2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39459.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}