OpenRapid RapidCMS uploadicon.php isImg unrestricted upload
CVE-2023-5262

8.8HIGH

Key Information:

Vendor
OpenRapid
Status
RapidCMS
Vendor
CVE Published:
29 September 2023

Summary

A vulnerability exists in OpenRapid RapidCMS version 1.3.1, specifically in the isImg function located in the /admin/config/uploadicon.php file. This vulnerability arises from improper handling of the fileName argument, which allows for unrestricted file upload. This flaw can be exploited remotely, enabling unauthorized access or potentially malicious actions on the server. The details of this vulnerability have been publicly disclosed, leading to concerns regarding its exploitation in the wild. Organizations utilizing this software version should take immediate action to address this vulnerability to safeguard their systems.

Affected Version(s)

RapidCMS 1.3.1

References

https://vuldb.com/?id.240871
vdb-entrytechnical-description
https://vuldb.com/?ctiid.240871
signaturepermissions-required
https://github.com/OpenRapid/rapidcms/issues/10
issue-tracking

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jamspilly (VulDB User)
.