CVE-2026-38930

MEDIUM

OpenRapid RapidCMS 1.3.1 - Authentication Bypass via SQL Injection in Name Cookie Parameter

Title source: llm

Description

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter.

References (3)

Core 3

Core References

http://openrapid.com

http://rapidcms.com

https://moworn.github.io/post/cve-2026-38930/

Scores

CVSS v3 6.5

EPSS 0.0032

EPSS Percentile 23.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Published May 27, 2026

Tracked Since May 27, 2026