Redeight Cms
Monthly
Redeight CMS 1.0 stores user passwords using unsalted MD5 hashes, enabling any attacker who obtains the credential database to recover plaintext passwords nearly instantaneously via precomputed rainbow tables. All stored credentials are effectively exposed upon database compromise, since MD5 is cryptographically broken and the absence of per-user salts eliminates hash uniqueness across identical passwords. No public exploit code or confirmed active exploitation has been identified at time of analysis, but the cracking technique is trivially automated and requires no specialized skill.
Remote code execution in Redeight CMS 1.0 lets an authenticated attacker upload arbitrary PHP scripts through the admin Pages module's FileAdd endpoint, which performs no extension or MIME-type validation. The uploaded file lands in the web-accessible /uploads/files/ directory and is executed directly by the web server, yielding full server-side code execution. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.
SQL injection in Redeight CMS 1.0 lets unauthenticated remote attackers extract sensitive database contents by injecting through the 'userEmail' POST parameter of the /admin/index.php login endpoint. Because user input is interpolated directly into SQL without prepared statements, an attacker needs no credentials and no user interaction to read or manipulate backend data, including admin authentication material. The flaw was reported by CERT-PL and carries a CVSS 4.0 base score of 9.3 (Critical); no public exploit identified at time of analysis.
Redeight CMS 1.0 stores user passwords using unsalted MD5 hashes, enabling any attacker who obtains the credential database to recover plaintext passwords nearly instantaneously via precomputed rainbow tables. All stored credentials are effectively exposed upon database compromise, since MD5 is cryptographically broken and the absence of per-user salts eliminates hash uniqueness across identical passwords. No public exploit code or confirmed active exploitation has been identified at time of analysis, but the cracking technique is trivially automated and requires no specialized skill.
Remote code execution in Redeight CMS 1.0 lets an authenticated attacker upload arbitrary PHP scripts through the admin Pages module's FileAdd endpoint, which performs no extension or MIME-type validation. The uploaded file lands in the web-accessible /uploads/files/ directory and is executed directly by the web server, yielding full server-side code execution. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.
SQL injection in Redeight CMS 1.0 lets unauthenticated remote attackers extract sensitive database contents by injecting through the 'userEmail' POST parameter of the /admin/index.php login endpoint. Because user input is interpolated directly into SQL without prepared statements, an attacker needs no credentials and no user interaction to read or manipulate backend data, including admin authentication material. The flaw was reported by CERT-PL and carries a CVSS 4.0 base score of 9.3 (Critical); no public exploit identified at time of analysis.