Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39459