CVE-2024-8335 – OpenRapid RapidCMS runlogon.php sql injection
https://notcve.org/view.php?id=CVE-2024-8335
30 Aug 2024 — A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.276210 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8331 – OpenRapid RapidCMS user-move-run.php sql injection
https://notcve.org/view.php?id=CVE-2024-8331
30 Aug 2024 — A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. • https://gitee.com/A0kooo/cve_article/blob/master/RapidCMS/SQL%20injection1/rapidcms%20user-move-run.php%20SQL%20injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3852 – OpenRapid RapidCMS upload.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-3852
23 Jul 2023 — A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/upload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/OpenRapid/rapidcms/commit/4dff387283060961c362d50105ff8da8ea40bcbe • CWE-434: Unrestricted Upload of File with Dangerous Type