CVE-2024-8335

Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS versions prior to 1.3.1

Description: A critical issue has been found in OpenRapid RapidCMS. The problem lies in an unknown function of the file /resource/runlogon.php. Manipulation of the username argument leads to SQL injection. It is possible to launch the attack remotely.

Recommendations: For versions prior to 1.3.1, as a temporary workaround, consider disabling the unknown function in the /resource/runlogon.php file until a patch is available. Restrict access to the /resource/runlogon.php file to minimize the risk of exploitation. Avoid using the username argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.