CVE-2023-3852

Name of the Vulnerable Software and Affected Versions OpenRapid RapidCMS versions up to 1.3.1

Description A critical issue affects the file /admin/upload.php, where the manipulation of the file argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations To fix this issue, apply the patch with the name 4dff387283060961c362d50105ff8da8ea40bcbe. As a temporary workaround, consider restricting access to the /admin/upload.php file until the patch is applied. Avoid using the file argument in the affected file until the issue is resolved.