Apprain: >> Apprain >> 4.0.5 Security Vulnerabilities
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through theĀ 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-09-04
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through theĀ 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-09-04
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on the server via the base64 path after /download/.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-04
Page 4