PT-2026-53851 · Unknown · Redeight Cms
Jacek Czepil · Published 2026-06-30 · Updated 2026-06-30 · CVE-2026-53690
CVSS v4.0: 9.3 Critical
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Redeight CMS version 1.0
Description
An SQL Injection occurs when user input is not properly sanitized and is directly interpolated into SQL queries without the use of prepared statements. This allows unauthenticated remote attackers to execute arbitrary SQL commands and extract sensitive database information via the POST '/admin/index.php' endpoint using the userEmail parameter.
Recommendations
Update Redeight CMS version 1.0 to a version that implements prepared statements for the userEmail parameter in the '/admin/index.php' endpoint.
Fix
SQL injection
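The difference between the interpolated query described above and the recommended prepared statement, as an added example that is not Redeight CMS code: the `users` table, its columns, the function names and the sample inputs are all constructed for illustration, and an in-memory SQLite database (PDO SQLite driver assumed available) stands in for the real one.

```php
<?php
// Added illustration: schema, function names and sample data are constructed,
// not taken from Redeight CMS.
declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)');
    $db->exec("INSERT INTO users (email, role) VALUES
        ('admin@example.test', 'admin'), ('editor@example.test', 'editor')");
    return $db;
}

// Pattern the description warns about: the parameter becomes part of the SQL text,
// so a quote character in the input changes the structure of the query.
function findUserInterpolated(PDO $db, string $userEmail): array
{
    $sql = "SELECT id, email, role FROM users WHERE email = '$userEmail'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Recommended form: the SQL text is fixed and the value is bound separately,
// so the input is only ever compared as data.
function findUserPrepared(PDO $db, string $userEmail): array
{
    $stmt = $db->prepare('SELECT id, email, role FROM users WHERE email = :email');
    $stmt->execute([':email' => $userEmail]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
// Constructed inputs: one ordinary address, one containing a quote and a tautology.
$inputs = ['admin@example.test', "nobody@example.test' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-40s interpolated=%d rows, prepared=%d rows\n",
        $input,
        count(findUserInterpolated($db, $input)),
        count(findUserPrepared($db, $input))
    );
}
```

A regression test for the patched endpoint can use the same comparison: for any `userEmail` value containing quote characters, the number of rows matched must equal the number matched by an exact string comparison.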
Affected Products
Redeight Cms