CVE-2024-8331
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8331 is a critical SQL injection vulnerability in OpenRapid RapidCMS versions up to 1.3.1, affecting the file /admin/user/user-move-run.php. An attacker can manipulate the "username" argument to inject SQL, and the attack can be carried out remotely with no authentication required. Organizations running affected versions risk significant integrity and confidentiality breaches, given the high impact on their systems. To remediate, update RapidCMS to a version that addresses this issue as soon as possible. The potential for exploitation has been publicly disclosed, which increases the urgency for affected users to act.