Description

CERT Polska has received a report about vulnerabilities in Redeight CMS software and participated in coordination of their disclosure.

The vulnerability CVE-2026-53690: An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the userEmail parameter in the POST /admin/index.php login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated remote attackers to execute arbitrary SQL commands and extract sensitive database information.

The vulnerability CVE-2026-53691: An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST /admin/index.php?module=pages&mode=FileAdd endpoint. The application fails to validate file extensions and MIME types, permitting the upload of arbitrary PHP scripts to the publicly accessible /uploads/files/ directory where they can be executed directly by the web server.

The vulnerability CVE-2026-53692: Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials.

Credits

We thank Jacek Czepil for the responsible vulnerability report.