CVE-2026-38930
Authentication Bypass in RapidCMS via SQL Injection
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openrapid | rapidcms | 1.3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-38930 is an authentication bypass vulnerability found in RapidCMS version 1.3.1. It exists in the /template/default/menu.php component due to improper access control.
An attacker can exploit this vulnerability by injecting a crafted SQL payload into the 'name' cookie parameter. This manipulation alters the SQL query used for authentication.
By controlling the query result and using the application's internal encode() function logic, the attacker can calculate a matching 'user' cookie value. Setting this cookie grants unauthorized access to the system without proper authentication.
The exploit involves registering a test user, modifying cookies via browser developer tools, and refreshing the page to bypass authentication.
How can this vulnerability impact me?
This vulnerability allows an attacker to bypass authentication and gain unauthorized access to the RapidCMS system.
Such unauthorized access can lead to potential data exposure, unauthorized modifications, or control over the CMS content and settings.
Because the attacker can impersonate legitimate users without credentials, the integrity and confidentiality of the system and its data are at risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or crafted SQL injection payloads in the 'name' cookie parameter sent to the /template/default/menu.php component of RapidCMS v1.3.1.
One practical approach is to inspect HTTP requests to the affected endpoint and look for suspicious cookie values that may contain SQL injection patterns.
Additionally, detection can be performed by attempting to reproduce the exploit steps: registering a test user, modifying the 'name' and 'user' cookies via browser developer tools or automated scripts, and observing if authentication is bypassed.
While no specific commands are provided, network administrators can use tools like curl or browser developer tools to manually test the vulnerability by setting crafted cookie values.
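The request inspection described above can be automated over web server logs. The following is an added example, not code from RapidCMS or from this advisory. It assumes an access log that records the Cookie header in the constructed layout shown in the comments; the function names and the pattern heuristics are also assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

TARGET_PATH = "/template/default/menu.php"  # component named in the advisory
# Assumed log layout (not a standard format): ip "METHOD path proto" status "Cookie header"
LINE = re.compile(r'^(\S+) "[A-Z]+ (\S+) [^"]*" \d{3} "([^"]*)"$')
# Heuristic (assumption): quoting, comment and statement tokens that a plain
# user name should never contain.
SQLI = re.compile(r"['\"`;\\]|--|/\*|#|\b(?:union|select)\b", re.I)

def cookie_value(header, key):
    """Return the raw value of cookie `key` from a Cookie header, or None."""
    for part in header.split(";"):
        k, sep, v = part.strip().partition("=")
        if sep and k == key:
            return v
    return None

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines, path=TARGET_PATH):
    """Return (client_ip, decoded_name) for requests whose 'name' cookie looks injected."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or urlsplit(m.group(2)).path != path:
            continue
        raw = cookie_value(m.group(3), "name")
        if raw is not None and SQLI.search(fully_decode(raw)):
            hits.append((m.group(1), fully_decode(raw)))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up cookie values).
SAMPLE_LOG = [
    '192.0.2.10 "GET /template/default/menu.php HTTP/1.1" 200 "name=alice; user=3f2a"',
    '198.51.100.7 "GET /template/default/menu.php HTTP/1.1" 200 "name=x%27%20UNION%20SELECT%201--; user=0"',
    '198.51.100.7 "GET /template/default/menu.php HTTP/1.1" 200 "name=x%2527%2520--; user=0"',
    '192.0.2.44 "GET /index.php HTTP/1.1" 200 "name=bob%27s"',
    '192.0.2.10 "GET /template/default/menu.php HTTP/1.1" 200 "theme=dark"',
]

if __name__ == "__main__":
    for ip, name in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tname={name!r}")
```

Standard combined access logs do not record cookies, so the server's log format has to be extended to include the Cookie header before a check like this can run.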
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of the authentication bypass vulnerability in OpenRapid RapidCMS v1.3.1 on compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the authentication bypass vulnerability in OpenRapid RapidCMS v1.3.1, immediate steps should focus on preventing exploitation via the 'name' cookie parameter.
- Restrict or sanitize the input for the 'name' cookie parameter to prevent SQL injection.
- Implement proper access control checks in the /template/default/menu.php component to ensure authentication cannot be bypassed.
- Monitor and block suspicious cookie manipulation attempts, such as unexpected or crafted cookie values.
- If possible, temporarily disable or restrict access to the vulnerable component until a patch or update is available.
Additionally, review and update authentication mechanisms to avoid reliance on client-controlled cookie values for authentication.