A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871.
References
Link | Resource |
---|---|
https://github.com/OpenRapid/rapidcms/issues/10 | Issue Tracking |
https://github.com/yhy217/rapidcms-vul/issues/5 | Exploit Issue Tracking |
https://vuldb.com/?ctiid.240871 | Third Party Advisory |
https://vuldb.com/?id.240871 | Third Party Advisory |
https://github.com/OpenRapid/rapidcms/issues/10 | Issue Tracking |
https://github.com/yhy217/rapidcms-vul/issues/5 | Exploit Issue Tracking |
https://vuldb.com/?ctiid.240871 | Third Party Advisory |
https://vuldb.com/?id.240871 | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/OpenRapid/rapidcms/issues/10 - Issue Tracking | |
References | () https://github.com/yhy217/rapidcms-vul/issues/5 - Exploit, Issue Tracking | |
References | () https://vuldb.com/?ctiid.240871 - Third Party Advisory | |
References | () https://vuldb.com/?id.240871 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 6.3 |
29 Feb 2024, 01:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-29 14:15
Updated : 2024-11-21 08:41
NVD link : CVE-2023-5262
Mitre link : CVE-2023-5262
CVE.ORG link : CVE-2023-5262
JSON object : View
Products Affected
openrapid
- rapidcms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type