Headline
GHSA-wppf-gqj5-fc4f: REDAXO allows Arbitrary File Upload in the mediapool page
Summary
An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware.
Details
On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary file upload.
PoC
- Log in to the portal then navigate to
Mediapool. - Upload a png file (ex: poc.png)
- Intercept the upload HTTP request on burp suite and change
filename: poc.1html,Content-Type:image/htmland insert the malicious html code. (ex:<IFRAME SRC="javascript:alert(1);"></IFRAME>)
Forward the request.
Navigate to the file.
Impact
Exploiting an arbitrary file upload vulnerability enables attackers to execute malicious code on a server.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-27411
REDAXO allows Arbitrary File Upload in the mediapool page
Moderate severity GitHub Reviewed Published Mar 5, 2025 in redaxo/redaxo • Updated Mar 5, 2025
Package
composer redaxo/source (Composer)
Affected versions
< 5.18.3
Summary
An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware.
Details
On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary file upload.
PoC
Log in to the portal then navigate to Mediapool.
Upload a png file (ex: poc.png)
Intercept the upload HTTP request on burp suite and change filename: poc.1html, Content-Type:image/html and insert the malicious html code. (ex: <IFRAME SRC="javascript:alert(1);"></IFRAME>)
Forward the request.
Navigate to the file.
Impact
Exploiting an arbitrary file upload vulnerability enables attackers to execute malicious code on a server.
References
- GHSA-wppf-gqj5-fc4f
- https://nvd.nist.gov/vuln/detail/CVE-2025-27411
- redaxo/redaxo@3b2159b
Published to the GitHub Advisory Database
Mar 5, 2025