OpenRapid RapidCMS cate-edit-run.php sql injection
CVE-2023-5033

7.2HIGH

Key Information:

Vendor
OpenRapid
Status
RapidCMS
Vendor
CVE Published:
18 September 2023

Summary

A SQL injection vulnerability has been identified in OpenRapid's RapidCMS 1.3.1, specifically within the file located at /admin/category/cate-edit-run.php. The flaw arises when the 'id' argument is manipulated, opening the door for remote exploitation. This allows attackers to execute arbitrary SQL code, potentially leading to unauthorized data access or manipulation. The details of this exploit have been publicly disclosed, warning users about the risks associated with the affected version.

Affected Version(s)

RapidCMS 1.3.1

References

https://vuldb.com/?id.239877
vdb-entrytechnical-description
https://vuldb.com/?ctiid.239877
signaturepermissions-required
https://github.com/yhy217/rapidcms-vul/issues/3
exploitissue-tracking

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jamspilly (VulDB User)
.