PT-2023-8849 · Openrapid+1 · Openrapid Rapidcms+1
Txph · Published 2023-08-20 · Updated 2024-05-17 · CVE-2023-4448
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenRapid RapidCMS version 1.3.1
Description
A critical issue affects the processing of the file admin/run-movepass.php, where the manipulation of the password and password2 arguments leads to weak password recovery. The attack can be initiated remotely.
Recommendations
For OpenRapid RapidCMS version 1.3.1, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the admin/run-movepass.php file until a patch is available. Avoid using the password and password2 arguments in the affected file until the issue is resolved.
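One way to check from web server access logs that the workaround above is holding, as an added example that is not part of the original advisory or the RapidCMS project: it flags requests to admin/run-movepass.php from outside an allowlist that the server did not refuse. The allowlisted network, the web-root install path and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Path from the advisory; the leading "/" assumes RapidCMS sits at the web root.
TARGET = "/admin/run-movepass.php"
# Assumption: networks still allowed to reach the admin area (constructed).
ALLOWED = [ipaddress.ip_network("10.0.5.0/24")]
# Common/combined access log format, as written by Apache and nginx.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) ')

def normalize(uri):
    """Drop the query string, percent-decode, collapse '//' and '.', lower-case."""
    path = unquote(uri.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def audit(lines):
    """Return (ip, timestamp, method, status) for each request to TARGET from
    outside ALLOWED that was not answered with 401, 403 or 404."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or normalize(m["uri"]) != TARGET:
            continue
        try:
            client = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is a hostname or malformed
        if any(client in net for net in ALLOWED):
            continue  # request came from an allowlisted network
        if m["status"] in ("401", "403", "404"):
            continue  # the access restriction answered this request
        hits.append((m["ip"], m["ts"], m["method"], m["status"]))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '10.0.5.7 - - [21/Aug/2023:09:12:01 +0000] "POST /admin/run-movepass.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [21/Aug/2023:09:14:33 +0000] "POST /admin/run-movepass.php HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.4 - - [21/Aug/2023:09:15:10 +0000] "GET /admin//Run-MovePass.php?x=1 HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.9 - - [21/Aug/2023:10:02:47 +0000] "POST /admin/run-movepass.php HTTP/1.1" 403 153 "-" "-"',
    '192.0.2.20 - - [21/Aug/2023:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print(*hit)
```

Any row returned after the restriction is in place means the file is still reachable from an address that should have been blocked.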
Affected Products
Openrapid Rapidcms
Red Os