Export limit exceeded: 362748 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (3 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-53690 1 Redeight 1 Redeight Cms 2026-07-01 N/A
An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated remote attackers to execute arbitrary SQL commands and extract sensitive database information.
CVE-2026-53691 1 Redeight 1 Redeight Cms 2026-07-01 N/A
An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of arbitrary PHP scripts to the publicly accessible "/uploads/files/" directory where they can be executed directly by the web server.
CVE-2026-53692 1 Redeight 1 Redeight Cms 2026-07-01 N/A
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials.