CVE-2023-4448

CRITICAL · CVSS 3.1: 9.8 · EPSS 41.4%
Published Aug 21, 2023 · Last Modified Jun 17, 2026

Description

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.

CVSS Details

Base Score: 9.8
Exploitability: 3.9
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 41.4% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-640

Affected Products 1

Vendor     Product   Version  Range
openrapid  rapidcms  1.3.1    any

References 4

  • github.com https://github.com/OpenRapid/rapidcms/commit/4dff387283060961c362d50105ff8da8ea40bcbe#diff-fc57d4c69cf5912c6edb5233c6df069a91106ebd481c115faf1ea124478b26d0
    Patch
  • github.com https://github.com/OpenRapid/rapidcms/issues/5
    Issue Tracking, Patch
  • vuldb.com https://vuldb.com/?ctiid.237569
    Permissions Required, Third Party Advisory
  • vuldb.com https://vuldb.com/?id.237569
    Third Party Advisory

Remediation

  • github.com https://github.com/OpenRapid/rapidcms/commit/4dff387283060961c362d50105ff8da8ea40bcbe#diff-fc57d4c69cf5912c6edb5233c6df069a91106ebd481c115faf1ea124478b26d0
    Patch
  • github.com https://github.com/OpenRapid/rapidcms/issues/5
    Issue Tracking, Patch