PT-2026-53852 · Unknown · Redeight Cms

Jacek Czepil · Published 2026-06-30 · Updated 2026-06-30 · CVE-2026-53691

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Name of the Vulnerable Software and Affected Versions: Redeight CMS version 1.0

Description: An unrestricted file upload flaw allows authenticated attackers to achieve Remote Code Execution. The issue occurs because the application does not validate file extensions or MIME types (the standard used to identify file formats). This allows the upload of arbitrary PHP scripts to the publicly accessible /uploads/files/ directory, where they can be executed by the web server. The attack is performed via the POST /admin/index.php?module=pages&mode=FileAdd endpoint.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
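
While no fixed version is available, web server access logs can be reviewed for use of the upload endpoint and for requests to script files under /uploads/files/. The following Python detector is an added example, not code from this advisory or from Redeight CMS; it assumes combined-format access logs, and the script-extension list, function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and directory come from the advisory; the rest is assumed.
UPLOAD_PATH = "/admin/index.php"
UPLOAD_DIR = "/uploads/files/"
# Assumed list of extensions mapped to the PHP handler; also matches
# double extensions such as name.php.jpg, which some handler configs run.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(?:$|[./])", re.I)
# Combined log format (assumed): ip - user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '198.51.100.7 - - [30/Jun/2026:10:01:02 +0000] "POST /admin/index.php?module=pages&mode=FileAdd HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [30/Jun/2026:10:01:09 +0000] "GET /uploads/files/example.php HTTP/1.1" 200 48 "-" "-"',
    '192.0.2.10 - - [30/Jun/2026:10:02:00 +0000] "GET /uploads/files/brochure.pdf HTTP/1.1" 200 90211 "-" "-"',
    '192.0.2.44 - - [30/Jun/2026:10:03:00 +0000] "GET /uploads/files/test.PHTML HTTP/1.1" 404 196 "-" "-"',
]

def find_suspicious(lines):
    """Return (kind, ip, target) for upload calls and script requests in UPLOAD_DIR."""
    findings, uploaders = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        path, query = unquote(url.path), parse_qs(url.query)
        if (method == "POST" and path == UPLOAD_PATH
                and query.get("module") == ["pages"]
                and query.get("mode") == ["FileAdd"]):
            uploaders.add(ip)
            findings.append(("upload", ip, target))
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path[len(UPLOAD_DIR):]):
            if not status.startswith("2"):
                kind = "script-probe"  # request failed: file absent or blocked
            elif ip in uploaders:
                kind = "upload-then-script-hit"  # same client uploaded earlier
            else:
                kind = "script-hit"  # a script in the upload dir was served
            findings.append((kind, ip, target))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Entries of kind "upload" include legitimate administrator uploads and serve as context for the script findings that follow them.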

RCE

Unrestricted File Upload


Weakness Enumeration

Related Identifiers: CVE-2026-53691

Affected Products: Redeight Cms