Description
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the blacklist filter and execute arbitrary code.
Published: 2026-05-23
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Redaxo CMS Mediapool Addon prior to version 5.5.1 includes an arbitrary file upload flaw that allows authenticated editor users to bypass the extension blacklist. By uploading files with obfuscated extensions such as php71 or php53, attackers can place executable code on the server and subsequently run it. The weakness is a flaw in input validation (CWE‑863), enabling an attacker to alter the expected behavior of the upload routine.

Affected Systems

The vulnerability afflicts Redaxo CMS Mediapool Addon version 5.5.1 and all earlier releases. Users running Redaxo CMS Mediapool on any environment that provides editor-level access are potentially exposed.

Risk and Exploitability

The CVSS v3 score of 8.7 reflects a high severity, with remote code execution possible from an authenticated session. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known exploits at the time of this analysis. However, the attack path only requires an editor account, a role commonly granted in many installations, making the conditions for exploitation relatively low-cost for the attacker.

Generated by OpenCVE AI on May 23, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Mediapool Addon to the latest version that eliminates the arbitrary file upload issue
  • Configure the upload handler to reject all executable extensions and enforce strict MIME type checks
  • Restrict write permissions on the upload directory to the minimal required users and monitor file changes for suspicious activity

Generated by OpenCVE AI on May 23, 2026 at 19:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the blacklist filter and execute arbitrary code.
Title Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload
First Time appeared Redaxo
Redaxo redaxo
Weaknesses CWE-863
CPEs cpe:2.3:a:redaxo:redaxo:*:*:*:*:*:*:*:*
Vendors & Products Redaxo
Redaxo redaxo
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Redaxo Redaxo
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-23T18:30:53.506Z

Reserved: 2026-05-23T15:48:30.219Z

Link: CVE-2018-25353

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T19:30:25Z

Weaknesses