SQL Injection Vulnerability Discovered in RapidCMS v1.3.1
CVE-2024-45771
Currently unrated
What is CVE-2024-45771?
A vulnerability has been identified in RapidCMS version 1.3.1 that allows for SQL injection through the password parameter in the authentication process at /resource/runlogin.php. This flaw could permit an attacker to manipulate database queries, potentially leading to unauthorized access and exposure of sensitive information. Proper validation and sanitization of input parameters are crucial to mitigate the risks associated with this vulnerability. Developers and users of RapidCMS are advised to review the security measures in place and consider updating to address this issue.
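An added example, not RapidCMS code and not taken from the advisory: one way a login handler can keep a submitted password out of the SQL text, using a PDO prepared statement and a stored password hash. The users table, its columns, the check_login function and the sample account are assumptions, and an in-memory SQLite database stands in for the real one so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical login check, not RapidCMS's own code.
// Table name, column names and the sample account are constructed.

function check_login(PDO $db, string $username, string $password): bool
{
    // Pattern to avoid: assembling the statement by string concatenation,
    // e.g. "... WHERE password = '" . $_POST['password'] . "'",
    // which lets characters in the input become part of the SQL text.

    // The placeholder sends the value separately from the statement,
    // so it is always treated as data.
    $stmt = $db->prepare(
        'SELECT password_hash FROM users WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists

    // The submitted password never reaches the database at all:
    // it is checked in PHP against the stored hash.
    return is_string($hash) && password_verify($password, $hash);
}

// Self-contained setup with one constructed account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)'
);
$insert = $db->prepare(
    'INSERT INTO users (username, password_hash) VALUES (?, ?)'
);
$insert->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: the right password, a wrong one containing SQL
// metacharacters, and a user that does not exist.
$cases = [
    ['admin',   'correct horse'],
    ['admin',   'pa\'ss"--word;'],
    ['nobody',  'correct horse'],
];
foreach ($cases as [$user, $pass]) {
    $result = check_login($db, $user, $pass) ? 'accepted' : 'rejected';
    printf("%-8s %-16s %s\n", $user, $pass, $result);
}
```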