| CVE ID | CVE-2026-53690 |
| Publication date | 30 June 2026 |
| Vendor | Redeight |
| Product | Redeight CMS |
| Vulnerable versions | 1.0 |
| Vulnerability type (CWE) | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) |
| Report source | Report to CERT Polska |

| CVE ID | CVE-2026-53691 |
| Publication date | 30 June 2026 |
| Vendor | Redeight |
| Product | Redeight CMS |
| Vulnerable versions | 1.0 |
| Vulnerability type (CWE) | Unrestricted Upload of File with Dangerous Type (CWE-434) |
| Report source | Report to CERT Polska |

| CVE ID | CVE-2026-53692 |
| Publication date | 30 June 2026 |
| Vendor | Redeight |
| Product | Redeight CMS |
| Vulnerable versions | 1.0 |
| Vulnerability type (CWE) | Use of Weak Hash (CWE-328) |
| Report source | Report to CERT Polska |
Description
CERT Polska has received a report about vulnerabilities in Redeight CMS software and participated in coordinating their disclosure. The three issues below chain naturally: the pre-authentication SQL injection can expose the stored password hashes, the unsalted MD5 hashes are cheap to recover, and the recovered credentials satisfy the authentication requirement of the file upload flaw that yields remote code execution.
The vulnerability CVE-2026-53690: An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the userEmail parameter of the POST /admin/index.php login endpoint. The application interpolates the parameter directly into the SQL query text instead of binding it through a prepared statement, so quote characters and SQL comments supplied by the client change the structure of the query. Because the login endpoint is reachable before authentication, unauthenticated remote attackers can execute arbitrary SQL commands and extract sensitive database information.
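The following is an added illustration of the CWE-89 pattern described above, not code from Redeight CMS (the advisory does not publish its source). It is written in Python over an in-memory SQLite table rather than the CMS's own PHP and database; the schema, the e-mail address and the stored hash value are constructed for the example. The two payloads stand in for what an attacker would place in the userEmail field: the first comments out the password check, the second uses UNION to read a column the login query was never meant to return.

```python
import sqlite3


# Constructed example: an in-memory users table standing in for the CMS
# database. Schema, e-mail address and stored hash are assumptions, not
# Redeight CMS's real schema or data.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO users (email, password_hash) "
        "VALUES ('admin@example.test', 'hash-of-admin-password')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, user_email: str, password_hash: str):
    # The CWE-89 pattern: the attacker-controlled userEmail value is pasted
    # into the query text, so a quote closes the literal and "--" comments
    # out everything that follows, including the password check.
    sql = (
        "SELECT id, email FROM users "
        f"WHERE email = '{user_email}' AND password_hash = '{password_hash}'"
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn: sqlite3.Connection, user_email: str, password_hash: str):
    # Prepared statement: the values travel separately from the query text,
    # so a quote inside user_email is just a character in an e-mail address.
    sql = "SELECT id, email FROM users WHERE email = ? AND password_hash = ?"
    return conn.execute(sql, (user_email, password_hash)).fetchone()


# Two constructed payloads for the userEmail field.
BYPASS_PAYLOAD = "admin@example.test' -- "
EXFIL_PAYLOAD = "' UNION SELECT id, password_hash FROM users -- "


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass:", login_vulnerable(db, BYPASS_PAYLOAD, "wrong"))
    print("vulnerable, exfil: ", login_vulnerable(db, EXFIL_PAYLOAD, "wrong"))
    print("fixed, bypass:     ", login_fixed(db, BYPASS_PAYLOAD, "wrong"))
    print("fixed, real creds: ", login_fixed(db, "admin@example.test", "hash-of-admin-password"))
```

Against the vulnerable function the bypass payload returns the admin row with a wrong password, and the UNION payload returns the stored password hash through the login response. The fixed function returns nothing for either payload and only matches on the exact e-mail and hash values, which is the whole of the remediation: bind parameters, never interpolate.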
The vulnerability CVE-2026-53691: An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST /admin/index.php?module=pages&mode=FileAdd endpoint. The application does not validate the file extension or the content type of the uploaded file, so an arbitrary PHP script can be written to the publicly accessible /uploads/files/ directory, where the web server executes it when the attacker requests it by name.
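Below is an added example of the validation the upload handler is missing, written in Python for this page rather than taken from Redeight CMS. The allowlist of extensions and magic bytes is an assumption chosen for the illustration. The check deliberately takes no client-supplied MIME type as input, because the client controls it; it relies only on the filename and the actual bytes, and it never stores the file under the name the client sent.

```python
import os
import secrets

# Allowlist of accepted extensions, each paired with the leading bytes a
# file of that type must start with. Constructed for this example; the
# advisory does not describe the CMS's own allowlist.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


def check_upload(original_name: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, stored_name_or_reason) for a candidate upload."""
    # Keep only the basename so "../../shell.php" cannot leave the upload
    # directory, and refuse NUL bytes that could truncate the name lower down.
    name = os.path.basename(original_name.replace("\\", "/"))
    if not name or "\x00" in name:
        return False, "invalid filename"

    # Only the final extension counts and it must be on the allowlist.
    # shell.php, shell.phtml, shell.php5 and shell.PHP all fail here.
    base, dot, ext = name.lower().rpartition(".")
    if not dot or not base or ext not in ALLOWED_TYPES:
        return False, f"extension not allowed: {ext or '(none)'}"

    # The bytes must match the claimed type; a PHP script renamed to .jpg
    # does not start with a JPEG header.
    if not content.startswith(ALLOWED_TYPES[ext]):
        return False, f"content does not look like {ext}"

    # Never reuse the client's name. A random name with the validated
    # extension also defeats double-extension names such as shell.php.jpg,
    # which some server configurations would otherwise route to PHP.
    return True, f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample uploads.
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("shell.php", b"<?php system($_GET['c']); ?>"),
        ("shell.php.jpg", b"<?php system($_GET['c']); ?>"),
        ("../../shell.php", b"<?php ?>"),
        ("shell.php.jpg", b"\xff\xd8\xff" + b"<?php ?>"),
    ]
    for name, data in samples:
        print(f"{name!r:24} -> {check_upload(name, data)}")
```

Two points a practitioner should keep in mind. First, a file that carries a valid image header and a PHP payload after it still passes the content check; the random name with a safe extension is what keeps it from ever being handed to the PHP interpreter. Second, validation belongs alongside, not instead of, a server configuration that disables script execution in the upload directory, so that even a successful bypass of the check cannot become code execution.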
The vulnerability CVE-2026-53692: Redeight CMS version 1.0 stores user passwords as unsalted MD5 hashes. MD5 is fast to compute and cryptographically broken, and without a per-user salt every user with the same password has the same hash. An attacker who obtains the hashes (for example through CVE-2026-53690) can recover the plaintext passwords by lookup in precomputed rainbow or dictionary tables, or by brute force at a rate of billions of guesses per second on commodity hardware, leading to the exposure of plaintext credentials.
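The following is an added example contrasting the weak scheme described above with a salted, iterated password hash. It is Python written for this page, not Redeight CMS code; the five-word wordlist is constructed and stands in for the far larger dictionaries behind real lookup and rainbow tables. PBKDF2-HMAC-SHA256 is used for the corrected scheme because it ships in the Python standard library; scrypt or Argon2id are the stronger choices where a library is available.

```python
import hashlib
import hmac
import secrets

# Constructed wordlist standing in for the dictionary behind a lookup or
# rainbow table. Real tables hold billions of candidates; the attack is the
# same: precompute once, then reverse leaked hashes by lookup.
WORDLIST = ["123456", "password", "qwerty", "letmein", "admin123"]


def md5_store(password: str) -> str:
    # The CWE-328 pattern: fast, unsalted, identical output for identical input.
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words) -> dict[str, str]:
    return {md5_store(w): w for w in words}


def crack(stored: str, table: dict[str, str]):
    # Reversing an unsalted MD5 hash is a dictionary lookup.
    return table.get(stored)


def pbkdf2_store(password: str, iterations: int = 600_000) -> str:
    # Per-user random salt plus a deliberately slow, iterated KDF. The salt
    # makes precomputed tables useless; the iteration count makes each guess
    # expensive. Stored as algorithm$iterations$salt$hash so the parameters
    # travel with the hash and can be raised later.
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison so verification does not leak through timing.
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    leaked = md5_store("password")
    print("leaked MD5 :", leaked, "->", crack(leaked, table))

    a = pbkdf2_store("password")
    b = pbkdf2_store("password")
    print("same password, different hashes:", a != b)
    print("verify correct :", pbkdf2_verify("password", a))
    print("verify wrong   :", pbkdf2_verify("Password", a))
    print("table lookup   :", crack(a, table))
```

Run against the constructed wordlist, the MD5 hash of "password" is recovered immediately by lookup, while two PBKDF2 hashes of the same password differ from each other, are not in any table, and still verify only for the correct input. Migrating existing users is done at login time: verify the old MD5 hash once, then overwrite it with the salted form.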
Credits
We thank Jacek Czepil for the responsible vulnerability report.
More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.