CVE-2023-4448

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-640
View all →

Vulnerability Description

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2012-5618

CRITICAL
CVSS:9.8(Critical)

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

CWE-6402012

CVE-2012-5686

CRITICAL
CVSS:9.8(Critical)

ZPanel 10.0.1 has insufficient entropy for its password reset process.

CWE-6402012

CVE-2015-4689

CRITICAL
CVSS:9.8(Critical)

Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."

CWE-6402015

CVE-2015-5172

CRITICAL
CVSS:9.8(Critical)

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire p...

CWE-6402015

CVE-2017-17097

CRITICAL
CVSS:9.8(Critical)

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-...

CWE-6402017

CVE-2017-2766

CRITICAL
CVSS:9.8(Critical)

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pass...

CWE-6402017