CVE-2023-5262

Name of the Vulnerable Software and Affected Versions OpenRapid RapidCMS version 1.3.1

Description A critical vulnerability has been found in OpenRapid RapidCMS, affecting the isImg function of the file /admin/config/uploadicon.php. The manipulation of the fileName argument leads to unrestricted upload. The attack can be launched remotely.

Recommendations For OpenRapid RapidCMS version 1.3.1, as a temporary workaround, consider disabling the isImg function until a patch is available. Restrict access to the /admin/config/uploadicon.php file to minimize the risk of exploitation. Avoid using the fileName argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.