9 matches found

Packet Storm
added 2026/04/13 12:0 a.m. | 56 views

📄 Redaxo 5.20.1 Path Traversal

Redaxo versions 5.20.1 and below suffer from a path traversal vulnerability.

CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

Overview

| Field | Details |
|---|---|
| CVE ID | CVE-2026-21857 |
| Severity | HIGH |
| Advisory | View Advisory |
| Discovered by...

CVSS 8.3 | AI score 5.8 | EPSS 0.00027
Exploits: 3

GithubExploit
added 2026/04/11 7:14 p.m. | 80 views

Exploit for Path Traversal in Redaxo

CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Lead...

CVSS 8.3 | AI score 5.9 | EPSS 0.00027
Exploits: 3

Vulnrichment
added 2026/01/07 10:32 p.m. | 2 views

CVE-2026-21857 Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVSS 8.3 | AI score 6.3 | EPSS 0.00027
Exploits: 3 | References: 2

EUVD
added 2026/01/07 10:32 p.m. | 2 views

EUVD-2026-0817

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVSS 8.3 | AI score 6.2 | EPSS 0.00027
Exploits: 3 | References: 3

Cvelist
added 2026/01/07 10:32 p.m. | 17 views

CVE-2026-21857 Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVSS 8.3 | EPSS 0.00027
Exploits: 3 | References: 2

OSV
added 2026/01/07 10:32 p.m. | 1 view

CVE-2026-21857 Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVSS 8.3 | AI score 6.4 | EPSS 0.00027
Exploits: 3 | References: 4

Positive Technologies
added 2026/01/07 12:0 a.m. | 2 views

PT-2026-2105

Name of the Vulnerable Software and Affected Versions: REDAXO versions prior to 5.20.2. Description: REDAXO is a PHP-based content management system. Authenticated users with backup permissions can read arbitrary files within the webroot due to a path traversal issue in the Backup addon’s file expor...

CVSS 8.3 | AI score 6.7 | EPSS 0.00027
Exploits: 3 | References: 10

Snyk
added 2026/01/05 8:2 p.m. | 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the EXPDIR POST parameter in the Backup addon. An authenticated attacker can access sensitive files within the webroot by supplying crafted directory traversal sequences, potentially leading to disclosure of...

CVSS 8.3 | AI score 7.5 | EPSS 0.00027
Exploits: 3 | References: 2

OSV
added 2026/01/05 8:2 p.m. | 3 views

GHSA-824X-88XG-CWRV Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

Summary: Authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. Details: The Backup addon does not validate the EXPDIR POST parameter against the UI-generated allowlist of permitted directories. An...

CVSS 8.3 | AI score 6.8 | EPSS 0.00027
Exploits: 3 | References: 4