CVE-2026-21857 (GCVE-0-2026-21857)
Vulnerability from cvelistv5 – Published: 2026-01-07 22:32 – Updated: 2026-01-08 18:17
VLAI?
Title
Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read
Summary
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21857",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T15:09:21.125268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T18:17:35.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redaxo",
"vendor": "redaxo",
"versions": [
{
"status": "affected",
"version": "\u003c 5.20.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon\u0027s file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T22:32:35.974Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv"
},
{
"name": "https://github.com/redaxo/redaxo/releases/tag/5.20.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redaxo/redaxo/releases/tag/5.20.2"
}
],
"source": {
"advisory": "GHSA-824x-88xg-cwrv",
"discovery": "UNKNOWN"
},
"title": "Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21857",
"datePublished": "2026-01-07T22:32:15.859Z",
"dateReserved": "2026-01-05T16:44:16.367Z",
"dateUpdated": "2026-01-08T18:17:35.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-21857\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-07T23:15:50.830\",\"lastModified\":\"2026-01-08T19:15:58.810\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon\u0027s file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-24\"}]}],\"references\":[{\"url\":\"https://github.com/redaxo/redaxo/releases/tag/5.20.2\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21857\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-08T15:09:21.125268Z\"}}}], \"references\": [{\"url\": \"https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-08T15:09:24.426Z\"}}], \"cna\": {\"title\": \"Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read\", \"source\": {\"advisory\": \"GHSA-824x-88xg-cwrv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"redaxo\", \"product\": \"redaxo\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.20.2\"}]}], \"references\": [{\"url\": \"https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv\", \"name\": \"https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/redaxo/redaxo/releases/tag/5.20.2\", \"name\": \"https://github.com/redaxo/redaxo/releases/tag/5.20.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon\u0027s file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-24\", \"description\": \"CWE-24: Path Traversal: \u0027../filedir\u0027\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-07T22:32:35.974Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-21857\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-08T18:17:35.890Z\", \"dateReserved\": \"2026-01-05T16:44:16.367Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-07T22:32:15.859Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-21857
Vulnerability from fkie_nvd - Published: 2026-01-07 23:15 - Updated: 2026-01-08 19:15
Severity ?
Summary
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon\u0027s file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue."
}
],
"id": "CVE-2026-21857",
"lastModified": "2026-01-08T19:15:58.810",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-07T23:15:50.830",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/redaxo/redaxo/releases/tag/5.20.2"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-24"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-824X-88XG-CWRV
Vulnerability from github – Published: 2026-01-05 20:02 – Updated: 2026-01-08 20:07
VLAI?
Summary
Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read
Details
Summary
Authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality.
Details
The Backup addon does not validate the EXPDIR POST parameter against the UI-generated allowlist of permitted directories.
An attacker can supply relative paths containing ../ sequences (or even absolute paths inside the document root) to include any readable file in the generated .tar.gz archive.
Vulnerable code:
- redaxo/src/addons/backup/pages/export.php (lines 72-76) – directly uses $_POST['EXPDIR']
- redaxo/src/addons/backup/lib/backup.php (lines ~413 & ~427) – concatenates unsanitized user input with base path
This allows disclosure of sensitive files such as:
- redaxo/data/core/config.yml → database credentials + password hashes of all backend users
- .env, custom configuration files, logs, uploaded malicious files, etc.
Affected versions
≤ 5.20.1 (confirmed working)
Patched versions
None (as of 2025-12-09)
PoC – Extracting database credentials and password hashes
- Log in as any user with Backup permission
- Go to Backup → Export → Files
- Intercept the request with Burp Suite
- Change one
EXPDIR[]value to../../../../var/www/html/redaxo/data/core
-
Send request → download archive
-
Extract and open
data/core/config.yml
Result: plaintext database password
Impact
Full compromise of the REDAXO installation: - Database takeover - Password hash extraction → offline cracking → admin access - When combined with other vulnerabilities → RCE
CVSS 4.0 vector & score below.
Credits
Discovered by: Łukasz Rybak
Severity ?
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.20.1"
},
"package": {
"ecosystem": "Packagist",
"name": "redaxo/source"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.20.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-21857"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-24"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-05T20:02:58Z",
"nvd_published_at": "2026-01-07T23:15:50Z",
"severity": "HIGH"
},
"details": "### Summary\nAuthenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon\u0027s file export functionality.\n\u003cimg width=\"664\" height=\"899\" alt=\"image\" src=\"https://github.com/user-attachments/assets/fd1ca69e-b275-4daf-9a62-621cde6525f5\" /\u003e\n\u003cimg width=\"2358\" height=\"445\" alt=\"image\" src=\"https://github.com/user-attachments/assets/fad81152-9e1b-413e-9823-09540a23e2fb\" /\u003e\n\n\n### Details\nThe Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. \nAn attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive.\n\nVulnerable code:\n- `redaxo/src/addons/backup/pages/export.php` (lines 72-76) \u2013 directly uses `$_POST[\u0027EXPDIR\u0027]`\n- `redaxo/src/addons/backup/lib/backup.php` (lines ~413 \u0026 ~427) \u2013 concatenates unsanitized user input with base path\n\nThis allows disclosure of sensitive files such as:\n- `redaxo/data/core/config.yml` \u2192 database credentials + password hashes of all backend users\n- `.env`, custom configuration files, logs, uploaded malicious files, etc.\n\n### Affected versions\n\u2264 5.20.1 (confirmed working)\n\n### Patched versions\nNone (as of 2025-12-09)\n\n### PoC \u2013 Extracting database credentials and password hashes\n1. Log in as any user with Backup permission\n2. Go to Backup \u2192 Export \u2192 Files\n\n\u003cimg width=\"1240\" height=\"960\" alt=\"image\" src=\"https://github.com/user-attachments/assets/bc05ba18-9664-4be2-b637-4fec3a0f409a\" /\u003e\n\n3. Intercept the request with Burp Suite \n\n\u003cimg width=\"2184\" height=\"478\" alt=\"image\" src=\"https://github.com/user-attachments/assets/9fa754a1-2cd0-4d3d-a5cc-cfa34c8a1718\" /\u003e\n\n4. Change one `EXPDIR[]` value to `../../../../var/www/html/redaxo/data/core`\n\n\u003cimg width=\"978\" height=\"591\" alt=\"image\" src=\"https://github.com/user-attachments/assets/d15f5c7f-b72c-44cc-9be2-da8d3f26f124\" /\u003e\n\n5. Send request \u2192 download archive\n\u003cimg width=\"423\" height=\"131\" alt=\"image\" src=\"https://github.com/user-attachments/assets/db8a8bda-cdaf-4dea-812f-1e312da908e2\" /\u003e\n\n6. Extract and open `data/core/config.yml`\n\u003cimg width=\"859\" height=\"281\" alt=\"image\" src=\"https://github.com/user-attachments/assets/c8112ce1-5a1d-435f-953b-7eb4e711e042\" /\u003e\n\nResult: plaintext database password \n\u003cimg width=\"2534\" height=\"1198\" alt=\"image\" src=\"https://github.com/user-attachments/assets/218ae917-868a-437e-98b0-6471b82c0b10\" /\u003e\n\n### Impact\nFull compromise of the REDAXO installation:\n- Database takeover\n- Password hash extraction \u2192 offline cracking \u2192 admin access\n- When combined with other vulnerabilities \u2192 RCE\n\nCVSS 4.0 vector \u0026 score below.\n\n### Credits\nDiscovered by: \u0141ukasz Rybak",
"id": "GHSA-824x-88xg-cwrv",
"modified": "2026-01-08T20:07:42Z",
"published": "2026-01-05T20:02:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21857"
},
{
"type": "PACKAGE",
"url": "https://github.com/redaxo/redaxo"
},
{
"type": "WEB",
"url": "https://github.com/redaxo/redaxo/releases/tag/5.20.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…