OpenRapid RapidCMS
cpe:2.3:a:openrapid:rapidcms:*:*:*:*:*:*:*
- v1.3.1
An authentication bypass vulnerability has been identified in OpenRapid RapidCMS version 1.3.1. The issue resides in the '/template/default/menu.php' component, where an unauthenticated attacker can inject a crafted SQL payload into the 'name' cookie parameter. This manipulation exploits the application's authentication mechanism, allowing unauthorized access.
Exploiting this vulnerability bypasses authentication, granting unauthorized users access to the system as if they were legitimate users.
To reproduce this vulnerability, first register a user and log into the website. Then, access the Developer Tools and navigate to the Application or Storage tab to find the 'user' and 'name' cookies. Modify the 'user' cookie to a specific encoded value and inject a SQL payload into the 'name' cookie. After refreshing the page, the authentication bypass will be triggered, and access will be granted as the injected user.
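A hardened form of the kind of cookie-based lookup described above, as an added example that is not RapidCMS code and not part of the original advisory: the 'name' cookie is bound as a query parameter and the 'user' cookie is compared against a server-stored token. The function name, the `users` schema and the token scheme are assumptions, and the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not RapidCMS source. The schema (users.name,
// users.token) and the function name are hypothetical.
function lookupUserFromCookies(PDO $db, array $cookies): ?array
{
    $name  = $cookies['name'] ?? null;
    $token = $cookies['user'] ?? null;

    // Reject missing, empty or non-string values (PHP turns name[]=x into an array).
    if (!is_string($name) || !is_string($token) || $name === '' || $token === '') {
        return null;
    }

    // The cookie value is bound as data; it is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, name, token FROM users WHERE name = :name LIMIT 1');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    // Constant-time comparison of the server-stored token with the cookie value.
    if (!hash_equals((string) $row['token'], $token)) {
        return null;
    }
    return ['id' => (int) $row['id'], 'name' => $row['name']];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, token TEXT)');
$ins = $db->prepare('INSERT INTO users (name, token) VALUES (?, ?)');
$ins->execute(['alice', bin2hex(random_bytes(16))]);
$aliceToken = (string) $db->query("SELECT token FROM users WHERE name = 'alice'")->fetchColumn();

// Matching cookies resolve to the account.
var_dump(lookupUserFromCookies($db, ['name' => 'alice', 'user' => $aliceToken]));
// A name containing a quote character is only a string that matches no row.
var_dump(lookupUserFromCookies($db, ['name' => "ali'ce", 'user' => $aliceToken]));
// A correct name with a wrong token is rejected.
var_dump(lookupUserFromCookies($db, ['name' => 'alice', 'user' => 'not-the-token']));
```

Binding the parameter removes the injection point; the token check addresses the separate problem that identity is taken from client-editable cookies.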