157 matches found
CVE-2024-44838
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php...
CVE-2024-45771
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php...
CVE-2024-44839
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php...
CVE-2024-44838
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php...
CVE-2024-44839
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php...
CVE-2024-44838
RapidCMS v1.3.1 contains a SQL injection vulnerability in the login path via the username parameter to /resource/runlogin.php. Impacted with high confidentiality, integrity, and availability (per CVSS 3.1: 9.8). No remediation or exploit details are provided in the supplied documents.
CVE-2024-44839
RapidCMS v1.3.1 contains a SQL injection flaw via the articleid parameter in /default/article.php. The vulnerability impacts confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). No patch/version fix is specified in the provided documents; a PT-2024-31274 note cites no informati...
CVE-2024-45771
RapidCMS v1.3.1 contains a SQL injection via the password parameter at /resource/runlogin.php. Root cause appears to be unsanitized input in the login endpoint, enabling high-impact attacks (CVSS 3.1 base score 9.8, CRITICAL). Public exploit details are not provided in the documents. Some sources...
CVE-2024-8335
A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2024-8335 OpenRapid RapidCMS runlogon.php sql injection
A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2024-8335 OpenRapid RapidCMS runlogon.php sql injection
A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2024-8335 OpenRapid RapidCMS runlogon.php sql injection
A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2024-8335
CVE-2024-8335 affects OpenRapid RapidCMS up to 1.3.1. A SQL injection flaw exists in an unknown function of /resource/runlogon.php triggered by manipulating the username parameter, with remote exploitation reported. Public exploit/disclosures are present. A workaround mentioned in PT-Security gui...
CVE-2024-8331
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit ha...
CVE-2024-8331 OpenRapid RapidCMS user-move-run.php sql injection
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit ha...
CVE-2024-8331 OpenRapid RapidCMS user-move-run.php sql injection
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit ha...
CVE-2024-8331 OpenRapid RapidCMS user-move-run.php sql injection
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit ha...
CVE-2024-8331
OpenRapid RapidCMS up to v1.3.1 is affected by a SQL injection in /admin/user/user-move-run.php via the username parameter. The issue allows remote exploitation and has public PoCs/exploit details. The exact root cause is the SQL injection in the username argument, impacting confidentiality, inte...
OpenRapid RapidCMS SQL注入漏洞
OpenRapid RapidCMS is OpenRapid open source a fast and easy to use CMS system. A SQL injection vulnerability exists in OpenRapid RapidCMS version 1.3.1 and earlier versions, which originates from a SQL injection vulnerability in the username parameter of the /admin/user/user-move-run.php file...
PT-2024-38946 · Openrapid · Openrapid Rapidcms
Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS versions up to 1.3.1 Description: A critical issue was found in OpenRapid RapidCMS, affecting the file /admin/user/user-move-run.php. The manipulation of the username argument leads to SQL injection. It is possible to...