Loading market data...
← Back to CVE feed

CVE-2026-53690

UNKNOWN View on NVD ↗

Description

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated remote attackers to execute arbitrary SQL commands and extract sensitive database information.

Published: Jun 30, 2026 12:16 UTC Modified: Jun 30, 2026 14:14 UTC