CVE Catalog

CVE-2026-38930

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

An authentication bypass vulnerability was discovered in OpenRapid RapidCMS v1.3.1 within the /template/default/menu.php component. The flaw is exploited by injecting a crafted SQL payload into the 'name' cookie parameter.

Risk Assessment

An attacker can bypass authentication mechanisms and gain unauthorized access to the admin panel, potentially leading to full compromise of the CMS system.

Recommendation

Immediately update RapidCMS to the latest available version and implement parameterized SQL queries to prevent injection attacks.

Original NVD description (English source)

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS