CVE-2026-21857
MEDIUM 6.5
Description
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.
CVE details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: HIGH
User interaction: NONE
Published: 1/7/2026
Last modified: 1/20/2026
Source: nvd
Honeypot sightings: 0
Affected products
redaxo:redaxo
Weaknesses (CWE)
CWE-22, CWE-24
References
https://github.com/redaxo/redaxo/releases/tag/5.20.2(security-advisories@github.com)
https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv(security-advisories@github.com)
https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.