
CVE-2018-25353: Redaxo CMS Mediapool Addon: Authenticated Users Can Upload Malicious Files

CVE-2018-25353
Summary

The Mediapool Addon in Redaxo CMS has a flaw in its file extension blacklist: authenticated users can upload executable files by giving them obfuscated extensions, such as php71 or php53, that the blacklist does not catch. This could allow attackers to upload and execute harmful code on a website. To fix this issue, update the Mediapool Addon to version 5.5.2 or later.

Original title
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor acc...
Original description
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the blacklist filter and execute arbitrary code.
NVD CVSS 3.1: 8.8
NVD CVSS 4.0: 8.7
Vulnerability type
CWE-863 Incorrect Authorization
Published: 23 May 2026 · Updated: 30 May 2026 · First seen: 26 May 2026
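
The blacklist bypass described above, contrasted with an allow-list check, as an added PHP illustration (not Redaxo's code and not taken from this advisory). The deny list, allow list and file names are constructed, and the function names are hypothetical.

```php
<?php
// Constructed exact-match deny list: the kind of filter the description
// says php71 / php53 slip past. Not the addon's real list.
const BLOCKED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar'];

// Constructed allow list: only the types a media pool is meant to hold.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf'];

// Every dot-separated segment after the base name, lower-cased,
// so "a.php.jpg" yields ['php', 'jpg'] and ".htaccess" yields ['htaccess'].
function uploadExtensions(string $filename): array
{
    $parts = explode('.', strtolower(basename($filename)));
    array_shift($parts);
    return $parts;
}

// Deny-list logic: accept anything whose final extension is not listed.
function denyListAccepts(string $filename): bool
{
    $ext = uploadExtensions($filename);
    $last = end($ext);
    return $last !== false && !in_array($last, BLOCKED_EXTENSIONS, true);
}

// Allow-list logic: exactly one extension, and it must be listed.
function allowListAccepts(string $filename): bool
{
    $ext = uploadExtensions($filename);
    return count($ext) === 1 && in_array($ext[0], ALLOWED_EXTENSIONS, true);
}

// Constructed sample names, including the two variants named in the description.
$samples = ['photo.jpg', 'page.php', 'page.php71', 'page.php53', 'page.php.jpg', '.htaccess'];
foreach ($samples as $name) {
    printf(
        "%-14s deny-list: %-6s allow-list: %s\n",
        $name,
        denyListAccepts($name) ? 'accept' : 'reject',
        allowListAccepts($name) ? 'accept' : 'reject'
    );
}
```

The deny list accepts page.php71 and page.php53 because neither string appears in it, while the allow list rejects both without needing to enumerate every executable variant.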