OpenRapid RapidCMS upload.php unrestricted upload
CVE-2023-3852

7.2HIGH

Key Information:

Vendor
OpenRapid
Status
RapidCMS
Vendor
CVE Published:
23 July 2023

Summary

An unrestricted file upload vulnerability exists in OpenRapid RapidCMS versions up to 1.3.1 that can be exploited by manipulating the 'file' argument in the /admin/upload.php file. This vulnerability allows an attacker to upload malicious files remotely, potentially compromising the application and its data. It has been made public, and users are advised to apply the patch (4dff387283060961c362d50105ff8da8ea40bcbe) provided by OpenRapid to mitigate this risk.

Affected Version(s)

RapidCMS 1.3.0

RapidCMS 1.3.1

References

https://vuldb.com/?id.235204
vdb-entrytechnical-description
https://vuldb.com/?ctiid.235204
signaturepermissions-required
https://github.com/OpenRapid/rapidcms/issues/1
exploitissue-tracking

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TXPH (VulDB User)
.