CVE-2025-27411 – redaxo/source

Package

Manager: composer
Name: redaxo/source
Vulnerable Version: >=0 <5.18.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00036 pctl0.09036

Details

REDAXO allows Arbitrary File Upload in the mediapool page ### Summary An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. ### Details On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary file upload. ### PoC 1. Log in to the portal then navigate to `Mediapool`. 2. Upload a png file (ex: poc.png) ![1](https://github.com/user-attachments/assets/e9165434-d2cd-437b-87a3-f9527d4f3070) 3. Intercept the upload HTTP request on burp suite and change `filename: poc.1html`, `Content-Type:image/html` and insert the malicious html code. (ex: `<IFRAME SRC="javascript:alert(1);"></IFRAME>`) ![2](https://github.com/user-attachments/assets/f8da0e6b-e807-46be-a867-dc31b1e13e57) 4. Forward the request. 5. Navigate to the file. ![3](https://github.com/user-attachments/assets/4c44c5cf-8467-452d-b249-cf2d72e0d328) ![4](https://github.com/user-attachments/assets/29db80e3-a5b9-4354-a292-c1ae7189931a) ### Impact Exploiting an arbitrary file upload vulnerability enables attackers to execute malicious code on a server.

Metadata

Created: 2025-03-05T18:31:35Z
Modified: 2025-03-05T19:30:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-wppf-gqj5-fc4f/GHSA-wppf-gqj5-fc4f.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-wppf-gqj5-fc4f
Finding: F027
Auto approve: 1