CVE-2026-53690

UNKNOWN 0.0

SQL Injection in Redeight CMS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated remote attackers to execute arbitrary SQL commands and extract sensitive database information.

CWE	CWE-89
Vendor	redeight
Product	redeight cms
Published	Jun 30, 2026
Last Updated	Jun 30, 2026

Stay Ahead of the Next One

Get instant alerts for redeight redeight cms

Be the first to know when new unknown vulnerabilities affecting redeight redeight cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Redeight / Redeight CMS

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/posts/2026/06/CVE-2026-53690

Credits

Jacek Czepil