CVE-2026-38930
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk17th percentile - higher than 17% of all known CVEs
Summary
An authentication bypass vulnerability was discovered in OpenRapid RapidCMS v1.3.1 within the /template/default/menu.php component. The flaw is exploited by injecting a crafted SQL payload into the 'name' cookie parameter.
Risk Assessment
An attacker can bypass authentication mechanisms and gain unauthorized access to the admin panel, potentially leading to full compromise of the CMS system.
Recommendation
Immediately update RapidCMS to the latest available version and implement parameterized SQL queries to prevent injection attacks.
Original NVD description (English source)
OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter.

