Skip to main content

Redeight Cms

3 CVEs product

Monthly

CVE-2026-53692 MEDIUM This Month

Redeight CMS 1.0 stores user passwords using unsalted MD5 hashes, enabling any attacker who obtains the credential database to recover plaintext passwords nearly instantaneously via precomputed rainbow tables. All stored credentials are effectively exposed upon database compromise, since MD5 is cryptographically broken and the absence of per-user salts eliminates hash uniqueness across identical passwords. No public exploit code or confirmed active exploitation has been identified at time of analysis, but the cracking technique is trivially automated and requires no specialized skill.

Information Disclosure Redeight Cms
NVD VulDB
CVSS 4.0
5.9
EPSS
0.1%
CVE-2026-53691 HIGH This Week

Remote code execution in Redeight CMS 1.0 lets an authenticated attacker upload arbitrary PHP scripts through the admin Pages module's FileAdd endpoint, which performs no extension or MIME-type validation. The uploaded file lands in the web-accessible /uploads/files/ directory and is executed directly by the web server, yielding full server-side code execution. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.

PHP RCE File Upload Redeight Cms
NVD VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2026-53690 CRITICAL Act Now

SQL injection in Redeight CMS 1.0 lets unauthenticated remote attackers extract sensitive database contents by injecting through the 'userEmail' POST parameter of the /admin/index.php login endpoint. Because user input is interpolated directly into SQL without prepared statements, an attacker needs no credentials and no user interaction to read or manipulate backend data, including admin authentication material. The flaw was reported by CERT-PL and carries a CVSS 4.0 base score of 9.3 (Critical); no public exploit identified at time of analysis.

SQLi PHP Redeight Cms
NVD VulDB
CVSS 4.0
9.3
EPSS
0.4%
EPSS 0% CVSS 5.9
MEDIUM This Month

Redeight CMS 1.0 stores user passwords using unsalted MD5 hashes, enabling any attacker who obtains the credential database to recover plaintext passwords nearly instantaneously via precomputed rainbow tables. All stored credentials are effectively exposed upon database compromise, since MD5 is cryptographically broken and the absence of per-user salts eliminates hash uniqueness across identical passwords. No public exploit code or confirmed active exploitation has been identified at time of analysis, but the cracking technique is trivially automated and requires no specialized skill.

Information Disclosure Redeight Cms
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Remote code execution in Redeight CMS 1.0 lets an authenticated attacker upload arbitrary PHP scripts through the admin Pages module's FileAdd endpoint, which performs no extension or MIME-type validation. The uploaded file lands in the web-accessible /uploads/files/ directory and is executed directly by the web server, yielding full server-side code execution. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.

PHP RCE File Upload +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection in Redeight CMS 1.0 lets unauthenticated remote attackers extract sensitive database contents by injecting through the 'userEmail' POST parameter of the /admin/index.php login endpoint. Because user input is interpolated directly into SQL without prepared statements, an attacker needs no credentials and no user interaction to read or manipulate backend data, including admin authentication material. The flaw was reported by CERT-PL and carries a CVSS 4.0 base score of 9.3 (Critical); no public exploit identified at time of analysis.

SQLi PHP Redeight Cms
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy