๐Ÿ›ก๏ธ CVE-2026-21857
๐ŸŸ  CVSS 8.0 โ€” High โš ๏ธ Exploit Public CWE-22 NVD
8.0
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.
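To illustrate the class of defect the description names, here is an added example (not REDAXO's own code): a handler that trusts a POSTed `EXPDIR` list next to one that validates each entry against the server-side allowlist and confirms the canonical path stays inside the webroot. The webroot path and allowlist entries are assumed values for the demonstration.

```php
<?php
// Illustrative only; not REDAXO's implementation. Paths below are assumed.
const WEBROOT = '/var/www/html';

// The directories the UI would offer for export (constructed allowlist).
const ALLOWED_EXPORT_DIRS = ['media', 'assets/addons', 'redaxo/data/addons'];

/**
 * Vulnerable pattern: joins whatever the client posted onto the webroot.
 * "../" sequences or absolute paths are never checked, so any readable
 * file under the document root can end up in the export archive.
 */
function vulnerableResolveExportDirs(array $postedDirs): array
{
    $dirs = [];
    foreach ($postedDirs as $dir) {
        $dirs[] = WEBROOT . '/' . $dir; // no allowlist check, no traversal check
    }
    return $dirs;
}

/**
 * Hardened pattern: the server, not the client, decides which directories
 * may be exported. Only exact allowlist matches are accepted, and the
 * canonical path is still verified to sit beneath the webroot.
 */
function safeResolveExportDirs(array $postedDirs): array
{
    $root = realpath(WEBROOT);
    $dirs = [];
    foreach ($postedDirs as $dir) {
        if (!is_string($dir) || !in_array($dir, ALLOWED_EXPORT_DIRS, true)) {
            continue; // reject anything the UI did not offer
        }
        // realpath() resolves "..", symlinks and returns false for missing dirs.
        $real = realpath(WEBROOT . '/' . $dir);
        if ($root === false || $real === false
            || strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) {
            continue; // defence in depth: canonical path escaped the webroot
        }
        $dirs[] = $real;
    }
    return $dirs;
}

// Constructed request resembling the rejected input class.
$posted = ['media', '../../etc', '/var/www/html/redaxo/data/core'];
print_r(vulnerableResolveExportDirs($posted)); // all three, including the escapes
print_r(safeResolveExportDirs($posted));       // at most 'media', and only if it exists
```

On a machine where the assumed directories do not exist, the hardened function returns an empty array because `realpath()` fails closed; that is the intended behaviour.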

Details

Severity MEDIUM
CVSS Score 8.0
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE CWE-22
Public Exploit Yes
Source NVD
Published 2026-01-07
Updated 2026-06-02
Modified 2026-01-20
Fix URL N/A

Affected Packages

Software From version Fixed in
redaxo — 5.20.2
redaxo/source — 5.20.2


ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.