161 matches found
CVE-2025-67171
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...
CVE-2025-67168
RiteCMS v3.1.0 is affected by CVE-2025-67168 due to insecure password storage via weak encryption. Multiple sources (NVD, Red Hat, EUVD, CNVD, OSV, CNVD) describe the issue consistently; root cause is insecure password encryption, with impact limited to confidentiality (C: Low) and no integrity/a...
CVE-2025-67172
RiteCMS CVE-2025-67172 affects RiteCMS v3.1.0 and stems from a flaw in the parse_special_tags function, enabling authenticated remote code execution. The vulnerability is documented across multiple sources (NVD, RH, CNVD, OSV, EUVD, CNNVD, CVE lists) with CVSS v3.1 base score 7.2 (HIGH), Attack V...
RiteCMS 安全漏洞
RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from an improper access control vulnerability that stems from a lack of validity checking of paths in the /templates/ component when processing directory requests, which can be exploited by an attacker to...
CVE-2025-67171
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...
CVE-2025-67171
Summary (CVE-2025-67171): RiteCMS v3.1.0 has an improper access control in the /templates/ component that allows directory traversal to access sensitive files. The root cause is lack of validity checking of paths when processing directory requests, exposing confidentiality (high) but not integrit...
RiteCMS 安全漏洞
RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a code execution vulnerability that stems from a flaw in the parsespecialtags function, which can be exploited by an attacker to cause remote code execution...
CVE-2025-67170
RiteCMS v3.1.0 is affected by a reflected cross-site scripting (XSS) vulnerability. The issue stems from insufficient filtering/escaping of user-supplied data, enabling an attacker to cause arbitrary script execution in the context of a victim’s browser via a crafted payload. Affected product is ...
CVE-2025-67174
RiteCMS v3.1.0 contains a local file inclusion (LFI) vulnerability in the admin.php component, exploitable via directory traversal in admin_language_file and default_page_language_file. The issue allows an attacker to read arbitrary files on the host. Multiple connected sources (CNVD-2026-05343, ...
RiteCMS 安全漏洞
RiteCMS is an open source content management system based on php and sqlite. An unspecified vulnerability exists in RiteCMS that stems from the use of insecure encryption to store passwords. No detailed vulnerability details are provided at this time...
CVE-2025-67170
A reflected cross-site scripting XSS vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
CVE-2025-67174
A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...
CVE-2025-67172
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the parsespecialtags function...
CVE-2025-67168
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords...
CVE-2025-67173
A Cross-Site Request Forgery CSRF in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request...
CVE-2025-67171
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...
RiteCMS 安全漏洞
RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a file inclusion vulnerability, the vulnerability stems from the admin.php component does not do effective filtering of local file resource calls, an attacker can use this vulnerability to read any file on th...
PT-2025-51864
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...
PT-2025-51851
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the parse special tags function...
CVE-2025-67173
RiteCMS v3.1.0 has a Cross-Site Request Forgery (CSRF) vulnerability in the page creation/editing functions that allows an attacker to arbitrarily create pages via a crafted POST request. Multiple sources corroborate that the issue arises from requests not adequately verifying the origin/intent o...