What is GHSA-x5jj-8qq8-g67q?

GHSA-x5jj-8qq8-g67q is a security advisory published by GitHub Security Advisories with High severity. Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that...

Which CVE IDs does GHSA-x5jj-8qq8-g67q cover?

GHSA-x5jj-8qq8-g67q covers the following CVE IDs: CVE-2018-25353. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-x5jj-8qq8-g67q?

GHSA-x5jj-8qq8-g67q has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-x5jj-8qq8-g67qHighCVSS 8.8

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2018-25353 →

📋 Description

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the blacklist filter and execute arbitrary code.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25353
https://redaxo.org
https://redaxo.org/download/redaxo/5.5.1.zip
https://www.exploit-db.com/exploits/44891
https://www.vulncheck.com/advisories/redaxo-cms-mediapool-addon-arbitrary-file-upload
https://github.com/advisories/GHSA-x5jj-8qq8-g67q