16 matches found
CVE-2023-4448
OpenRapid RapidCMS 1.3.1 is affected by a vulnerability in admin/run-movepass.php where manipulating password/password2 can cause weak password recovery. Remote attack potential is stated, and a patch with identifier 4dff387283060961c362d50105ff8da8ea40bcbe is available (VDB-237569). No exploit d...
CVE-2023-4447
OpenRapid RapidCMS 1.3.1 is affected by a SQL injection in admin/article-chat.php caused by unsafely manipulating the id parameter. The vulnerability can be exploited remotely and has been publicly disclosed under CVE-2023-4447. Multiple sources (NVD, Red Hat, OSV, CVE List) describe the issue as...
CVE-2023-5032
OpenRapid RapidCMS 1.3.1 contains a SQL injection in /admin/article/article-edit-run.php through the id parameter. The issue affects some unknown functionality of that file and can be exploited remotely; the vulnerability is associated with CVE-2023-5032 and has been disclosed publicly. A practic...
CVE-2023-5262
OpenRapid RapidCMS 1.3.1 is affected by a vulnerability in the isImg function of /admin/config/uploadicon.php, where manipulating the fileName parameter leads to unrestricted upload. Several sources (NVD, CVE record, OSV, CVE listings) describe remote exploitation with public disclosure (CVE-2023...
CVE-2024-45771
RapidCMS v1.3.1 contains a SQL injection via the password parameter at /resource/runlogin.php. Root cause appears to be unsanitized input in the login endpoint, enabling high-impact attacks (CVSS 3.1 base score 9.8, CRITICAL). Public exploit details are not provided in the documents. Some sources...
CVE-2024-44838
RapidCMS v1.3.1 contains a SQL injection vulnerability in the login path via the username parameter to /resource/runlogin.php. Impacted with high confidentiality, integrity, and availability (per CVSS 3.1: 9.8). No remediation or exploit details are provided in the supplied documents.
CVE-2024-44839
RapidCMS v1.3.1 contains a SQL injection flaw via the articleid parameter in /default/article.php. The vulnerability impacts confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). No patch/version fix is specified in the provided documents; a PT-2024-31274 note cites no informati...
CVE-2023-3852
OpenRapid RapidCMS up to version 1.3.1 is affected by a vulnerability in the /admin/upload.php script. The issue arises from manipulating the file parameter, which allows unrestricted remote file upload. Exploitation can be performed remotely and the vulnerability has been publicly disclosed. A p...
CVE-2023-5033
OpenRapid RapidCMS 1.3.1 contains a SQL injection in /admin/category/cate-edit-run.php triggered by manipulating the id argument. Exploitation can be remote; multiple sources (NVD, Red Hat, CVE list, OSV, CVSS vectors) confirm a high-impact vulnerability (CVE-2023-5033) with a public exploit path...
CVE-2023-4446
OpenRapid RapidCMS 1.3.1 is affected by a SQL injection in the file template/default/category.php via manipulation of the id parameter. Reported as critical; attack surface relates to the affected category.php code path, with potential impact on confidentiality, integrity, and availability. No fi...
CVE-2024-8331
OpenRapid RapidCMS up to v1.3.1 is affected by a SQL injection in /admin/user/user-move-run.php via the username parameter. The issue allows remote exploitation and has public PoCs/exploit details. The exact root cause is the SQL injection in the username argument, impacting confidentiality, inte...
CVE-2023-5258
OpenRapid RapidCMS 1.3.1 is affected by a SQL injection in /resource/addgood.php via the id parameter. The issue is exploitable remotely and has public material (VDB-240867). Multiple sources confirm the vulnerability without patch/version details. Remediation guidance in PT-2023-31980 suggests d...
CVE-2024-8335
CVE-2024-8335 affects OpenRapid RapidCMS up to 1.3.1. A SQL injection flaw exists in an unknown function of /resource/runlogon.php triggered by manipulating the username parameter, with remote exploitation reported. Public exploit/disclosures are present. A workaround mentioned in PT-Security gui...
CVE-2023-5031
OpenRapid RapidCMS 1.3.1 contains a SQL injection in the admin/articl e/article-add.php file caused by unsafely handling the id argument. The issue can be exploited remotely and impacts confidentiality; exploitation details are disclosed publicly. Affected product: OpenRapid RapidCMS 1.3.1 (file:...
CVE-2025-64047
CVE-2025-64047 affects OpenRapid RapidCMS 1.3.1 and is described as vulnerable to Cross Site Scripting (XSS) in the endpoint /user/user-move.php. The connected Red Hat, ENISA ENISA EUVD, NVD, OSV, CNNVD, CVE/CVEs listings, and vuln enrichment sources, all confirm a XSS issue for this version. The...
CVE-2025-64046
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in the /system/update-run.php endpoint. The Red Hat/EUVD/NVD and related feeds confirm the same description. The root cause is a reflected or stored XSS flaw in that API endpoint, enabling injection of malicious scripts. Impact ...