HIGH
Redaxo
CVE published 2026-05-23
CVE-2018-25353
A high-severity arbitrary file upload vulnerability in Redaxo CMS Mediapool Addon 5.5.1 and older allows authenticated users with editor privileges to bypass file extension blacklist restrictions. The vulnerability stems from insufficient validation of file extensions, permitting attackers to use obfuscated extensions such as php71 or php53 to evade the blacklist filter and upload executable files. Succes [truncated]