Impact
Raytha CMS is vulnerable to SQL injection within the OData filter parsing pipeline, allowing a remote, unauthenticated attacker to execute arbitrary SQL statements against the underlying PostgreSQL database. This can lead to full database compromise, including the extraction of credentials and other sensitive data.
Affected Systems
Raytha CMS, version 1.5.2 is confirmed to be vulnerable, with potential impact on other versions as well. The vendor has not published an official fix and attempts to contact support have been unsuccessful.
Risk and Exploitability
The CVSS score of 9.3 indicates a very high severity vulnerability. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely remote, with an unauthenticated attacker sending crafted OData queries that trigger the vulnerable filter parsing logic, resulting in arbitrary SQL execution on the PostgreSQL backend.
OpenCVE Enrichment