Lucene search
K
OpenrapidRapidcms

16 matches found

CVE
CVE
added 2023/08/21 2:0 a.m.160 views

CVE-2023-4448

OpenRapid RapidCMS 1.3.1 is affected by a vulnerability in admin/run-movepass.php where manipulating password/password2 can cause weak password recovery. Remote attack potential is stated, and a patch with identifier 4dff387283060961c362d50105ff8da8ea40bcbe is available (VDB-237569). No exploit d...

9.8CVSS8.1AI score0.00542EPSS
Web
CVE
CVE
added 2023/08/21 1:31 a.m.140 views

CVE-2023-4447

OpenRapid RapidCMS 1.3.1 is affected by a SQL injection in admin/article-chat.php caused by unsafely manipulating the id parameter. The vulnerability can be exploited remotely and has been publicly disclosed under CVE-2023-4447. Multiple sources (NVD, Red Hat, OSV, CVE List) describe the issue as...

9.8CVSS8.4AI score0.00526EPSS
Web
CVE
CVE
added 2023/09/18 3:31 a.m.119 views

CVE-2023-5032

OpenRapid RapidCMS 1.3.1 contains a SQL injection in /admin/article/article-edit-run.php through the id parameter. The issue affects some unknown functionality of that file and can be exploited remotely; the vulnerability is associated with CVE-2023-5032 and has been disclosed publicly. A practic...

7.2CVSS6.9AI score0.00539EPSS
Web
CVE
CVE
added 2023/09/29 1:31 p.m.67 views

CVE-2023-5262

OpenRapid RapidCMS 1.3.1 is affected by a vulnerability in the isImg function of /admin/config/uploadicon.php, where manipulating the fileName parameter leads to unrestricted upload. Several sources (NVD, CVE record, OSV, CVE listings) describe remote exploitation with public disclosure (CVE-2023...

8.8CVSS7.6AI score0.00639EPSS
Web
CVE
CVE
added 2024/09/06 12:0 a.m.56 views

CVE-2024-45771

RapidCMS v1.3.1 contains a SQL injection via the password parameter at /resource/runlogin.php. Root cause appears to be unsanitized input in the login endpoint, enabling high-impact attacks (CVSS 3.1 base score 9.8, CRITICAL). Public exploit details are not provided in the documents. Some sources...

9.8CVSS8.1AI score0.00492EPSS
Web
CVE
CVE
added 2024/09/06 12:0 a.m.55 views

CVE-2024-44838

RapidCMS v1.3.1 contains a SQL injection vulnerability in the login path via the username parameter to /resource/runlogin.php. Impacted with high confidentiality, integrity, and availability (per CVSS 3.1: 9.8). No remediation or exploit details are provided in the supplied documents.

9.8CVSS7.9AI score0.00503EPSS
Web
CVE
CVE
added 2024/09/06 12:0 a.m.55 views

CVE-2024-44839

RapidCMS v1.3.1 contains a SQL injection flaw via the articleid parameter in /default/article.php. The vulnerability impacts confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). No patch/version fix is specified in the provided documents; a PT-2024-31274 note cites no informati...

9.8CVSS7.9AI score0.00492EPSS
Web
CVE
CVE
added 2023/07/23 10:0 p.m.53 views

CVE-2023-3852

OpenRapid RapidCMS up to version 1.3.1 is affected by a vulnerability in the /admin/upload.php script. The issue arises from manipulating the file parameter, which allows unrestricted remote file upload. Exploitation can be performed remotely and the vulnerability has been publicly disclosed. A p...

7.2CVSS5.9AI score0.23162EPSS
Web
CVE
CVE
added 2023/09/18 4:31 a.m.53 views

CVE-2023-5033

OpenRapid RapidCMS 1.3.1 contains a SQL injection in /admin/category/cate-edit-run.php triggered by manipulating the id argument. Exploitation can be remote; multiple sources (NVD, Red Hat, CVE list, OSV, CVSS vectors) confirm a high-impact vulnerability (CVE-2023-5033) with a public exploit path...

7.2CVSS6.9AI score0.00578EPSS
Web
CVE
CVE
added 2023/08/21 1:0 a.m.52 views

CVE-2023-4446

OpenRapid RapidCMS 1.3.1 is affected by a SQL injection in the file template/default/category.php via manipulation of the id parameter. Reported as critical; attack surface relates to the affected category.php code path, with potential impact on confidentiality, integrity, and availability. No fi...

9.8CVSS7.8AI score0.00606EPSS
Web
CVE
CVE
added 2024/08/30 11:0 a.m.49 views

CVE-2024-8331

OpenRapid RapidCMS up to v1.3.1 is affected by a SQL injection in /admin/user/user-move-run.php via the username parameter. The issue allows remote exploitation and has public PoCs/exploit details. The exact root cause is the SQL injection in the username argument, impacting confidentiality, inte...

9.8CVSS7.3AI score0.0058EPSS
Web
CVE
CVE
added 2023/09/29 11:31 a.m.48 views

CVE-2023-5258

OpenRapid RapidCMS 1.3.1 is affected by a SQL injection in /resource/addgood.php via the id parameter. The issue is exploitable remotely and has public material (VDB-240867). Multiple sources confirm the vulnerability without patch/version details. Remediation guidance in PT-2023-31980 suggests d...

9.8CVSS8.3AI score0.00598EPSS
Web
CVE
CVE
added 2024/08/30 12:31 p.m.47 views

CVE-2024-8335

CVE-2024-8335 affects OpenRapid RapidCMS up to 1.3.1. A SQL injection flaw exists in an unknown function of /resource/runlogon.php triggered by manipulating the username parameter, with remote exploitation reported. Public exploit/disclosures are present. A workaround mentioned in PT-Security gui...

9.8CVSS7.4AI score0.0059EPSS
Web
CVE
CVE
added 2023/09/18 1:31 a.m.43 views

CVE-2023-5031

OpenRapid RapidCMS 1.3.1 contains a SQL injection in the admin/articl e/article-add.php file caused by unsafely handling the id argument. The issue can be exploited remotely and impacts confidentiality; exploitation details are disclosed publicly. Affected product: OpenRapid RapidCMS 1.3.1 (file:...

6.5CVSS6.8AI score0.00421EPSS
Web
CVE
CVE
added 2025/11/24 12:0 a.m.15 views

CVE-2025-64047

CVE-2025-64047 affects OpenRapid RapidCMS 1.3.1 and is described as vulnerable to Cross Site Scripting (XSS) in the endpoint /user/user-move.php. The connected Red Hat, ENISA ENISA EUVD, NVD, OSV, CNNVD, CVE/CVEs listings, and vuln enrichment sources, all confirm a XSS issue for this version. The...

6.1CVSS5.8AI score0.00155EPSS
CVE
CVE
added 2025/11/17 12:0 a.m.10 views

CVE-2025-64046

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in the /system/update-run.php endpoint. The Red Hat/EUVD/NVD and related feeds confirm the same description. The root cause is a reflected or stored XSS flaw in that API endpoint, enabling injection of malicious scripts. Impact ...

6.1CVSS5.8AI score0.00158EPSS