CVE-2018-25353

Sažetak

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the blacklist filter and execute arbitrary code.

Reference

https://redaxo.org
https://redaxo.org/download/redaxo/5.5.1.zip
https://www.exploit-db.com/exploits/44891
https://www.vulncheck.com/advisories/redaxo-cms-mediapool-addon-arbitrary-file-upload

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

26-05-2026 - 19:37

Objavljeno

23-05-2026 - 19:16