CVE-2026-38930
Deferred - Pending Action
Authentication Bypass in RapidCMS via SQL Injection

Publication date: 2026-05-27

Last updated on: 2026-05-28

Assigner: MITRE

Description
OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. The vulnerability can be exploited by injecting a crafted SQL payload into the name cookie parameter.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-28
Generated: 2026-06-17
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: openrapid
Product: rapidcms
Version / Range: 1.3.1
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Executive Summary

CVE-2026-38930 is an authentication bypass vulnerability found in RapidCMS version 1.3.1. It exists in the /template/default/menu.php component due to improper access control.

An attacker can exploit this vulnerability by injecting a crafted SQL payload into the 'name' cookie parameter. This manipulation alters the SQL query used for authentication.

By controlling the query result and using the application's internal encode() function logic, the attacker can calculate a matching 'user' cookie value. Setting this cookie grants unauthorized access to the system without proper authentication.

The exploit involves registering a test user, modifying cookies via browser developer tools, and refreshing the page to bypass authentication.

Impact Analysis

This vulnerability allows an attacker to bypass authentication and gain unauthorized access to the RapidCMS system.

Such unauthorized access can lead to potential data exposure, unauthorized modifications, or control over the CMS content and settings.

Because the attacker can impersonate legitimate users without credentials, the integrity and confidentiality of the system and its data are at risk.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or crafted SQL injection payloads in the 'name' cookie parameter sent to the /template/default/menu.php component of RapidCMS v1.3.1.

One practical approach is to inspect HTTP requests to the affected endpoint and look for suspicious cookie values that may contain SQL injection patterns.

Additionally, detection can be performed by attempting to reproduce the exploit steps: registering a test user, modifying the 'name' and 'user' cookies via browser developer tools or automated scripts, and observing if authentication is bypassed.

While no specific commands are provided, network administrators can use tools like curl or browser developer tools to manually test the vulnerability by setting crafted cookie values.
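
The request inspection described above can be sketched as a log scan. This is an added example, not code from RapidCMS or from this advisory; it assumes the web server writes JSON-lines logs that include the raw Cookie header (default access-log formats do not) under the hypothetical field names ip, path and cookie, and that legitimate usernames match the allowlist shown.

```python
import json
import re
from urllib.parse import unquote

TARGET_PATH = "/template/default/menu.php"  # component named in the advisory
# Assumption: legitimate usernames are short and limited to these characters.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_.]{1,64}")
# SQL syntax that has no place in a username cookie.
SQL_HINT = re.compile(r"['\"#;]|--|/\*|\b(?:union|select|or|and)\b", re.I)

# Constructed sample log lines (documentation IP ranges, made-up cookie values).
SAMPLE_LOG = """\
{"ip": "192.0.2.10", "path": "/template/default/menu.php", "cookie": "name=alice; user=3f2a"}
{"ip": "198.51.100.7", "path": "/template/default/menu.php", "cookie": "name=test%27%20OR%20%271%27%3D%271; user=0000"}
{"ip": "198.51.100.7", "path": "/template/default/menu.php", "cookie": "name=bob%2527--; user=0000"}
{"ip": "192.0.2.11", "path": "/index.php", "cookie": "name=x%27"}
{"ip": "192.0.2.12", "path": "/template/default/menu.php", "cookie": "name=caf%C3%A9; user=9c1d"}
"""

def cookie_value(header, key):
    """Return the decoded value of `key` from a raw Cookie header, or None."""
    for part in header.split(";"):
        k, sep, v = part.strip().partition("=")
        if sep and k == key:
            for _ in range(3):  # undo up to three layers of URL-encoding
                v = unquote(v)
            return v
    return None

def classify(entry):
    """Return a reason string for a suspicious request, or None if benign."""
    if entry.get("path", "").split("?")[0] != TARGET_PATH:
        return None
    name = cookie_value(entry.get("cookie", ""), "name")
    if name is None or ALLOWED_NAME.fullmatch(name):
        return None
    return "sql-metacharacters" if SQL_HINT.search(name) else "unexpected-charset"

def scan(log_text):
    """Return (line number, client ip, reason) for every flagged log line."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines
        reason = classify(entry)
        if reason:
            findings.append((n, entry.get("ip"), reason))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The allowlist check runs first, so any value outside the expected username character set is reported even when it matches none of the SQL patterns.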

Compliance Impact

The provided information does not specify any direct impact of the authentication bypass vulnerability in OpenRapid RapidCMS v1.3.1 on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the authentication bypass vulnerability in OpenRapid RapidCMS v1.3.1, immediate steps should focus on preventing exploitation via the name cookie parameter.

  • Restrict or sanitize the input for the name cookie parameter to prevent SQL injection.
  • Implement proper access control checks in the /template/default/menu.php component to ensure authentication cannot be bypassed.
  • Monitor and block suspicious cookie manipulation attempts, such as unexpected or crafted cookie values.
  • If possible, temporarily disable or restrict access to the vulnerable component until a patch or update is available.

Additionally, review and update authentication mechanisms to avoid reliance on client-controlled cookie values for authentication.
