CNNVD-202601-1119 Information

CNNVD ID

CNNVD-202601-1119

CVE-2026-21857

  • CNNVD Published: 2026-01-07

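Description (translated from Chinese)

REDAXO is an open-source content management system from REDAXO. Versions of REDAXO before 5.20.2 contain a security vulnerability caused by a path traversal in the file export function of the Backup addon, which may allow users with backup permissions to read arbitrary files within the webroot.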

Description (English)

REDAXO is an open-source content management system. Versions of REDAXO before 5.20.2 contain a security vulnerability in the file export function of the Backup addon: a path traversal that may allow users with backup permissions to read arbitrary files within the webroot.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Redaxo

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/redaxo/redaxo/releases/tag/5.20.2

https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv

Patch

https://redaxo.org/download/core/
