Multiple vulnerabilities have been identified in Redaxo, which could be exploited by attackers to compromise a vulnerable system. These issues are caused by input validation errors in the "include/addons/version/pages/index.inc.php" and "include/pages/specials.inc.php" scripts when processing the "REX[INCLUDE_PATH]" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: Redaxo version 4.2.1 and prior
