Lucene search
K

161 matches found

Cvelist
Cvelist
added 2025/12/17 12:0 a.m.23 views

CVE-2025-67171

Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...

0.00687EPSS
Exploits1References2
CVE
CVE
added 2025/12/17 12:0 a.m.15 views

CVE-2025-67168

RiteCMS v3.1.0 is affected by CVE-2025-67168 due to insecure password storage via weak encryption. Multiple sources (NVD, Red Hat, EUVD, CNVD, OSV, CNVD) describe the issue consistently; root cause is insecure password encryption, with impact limited to confidentiality (C: Low) and no integrity/a...

5.3CVSS6.8AI score0.00125EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/12/17 12:0 a.m.25 views

CVE-2025-67172

RiteCMS CVE-2025-67172 affects RiteCMS v3.1.0 and stems from a flaw in the parse_special_tags function, enabling authenticated remote code execution. The vulnerability is documented across multiple sources (NVD, RH, CNVD, OSV, EUVD, CNNVD, CVE lists) with CVSS v3.1 base score 7.2 (HIGH), Attack V...

7.2CVSS8.1AI score0.00773EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

RiteCMS 安全漏洞

RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from an improper access control vulnerability that stems from a lack of validity checking of paths in the /templates/ component when processing directory requests, which can be exploited by an attacker to...

7.5CVSS5.8AI score0.00687EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/17 12:0 a.m.2 views

CVE-2025-67171

Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...

6.4AI score0.00687EPSS
Exploits1References2
CVE
CVE
added 2025/12/17 12:0 a.m.14 views

CVE-2025-67171

Summary (CVE-2025-67171): RiteCMS v3.1.0 has an improper access control in the /templates/ component that allows directory traversal to access sensitive files. The root cause is lack of validity checking of paths when processing directory requests, exposing confidentiality (high) but not integrit...

7.5CVSS6.4AI score0.00687EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

RiteCMS 安全漏洞

RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a code execution vulnerability that stems from a flaw in the parsespecialtags function, which can be exploited by an attacker to cause remote code execution...

7.2CVSS6.4AI score0.00773EPSS
Exploits1References5
CVE
CVE
added 2025/12/17 12:0 a.m.9 views

CVE-2025-67170

RiteCMS v3.1.0 is affected by a reflected cross-site scripting (XSS) vulnerability. The issue stems from insufficient filtering/escaping of user-supplied data, enabling an attacker to cause arbitrary script execution in the context of a victim’s browser via a crafted payload. Affected product is ...

6.1CVSS5.9AI score0.00218EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/12/17 12:0 a.m.11 views

CVE-2025-67174

RiteCMS v3.1.0 contains a local file inclusion (LFI) vulnerability in the admin.php component, exploitable via directory traversal in admin_language_file and default_page_language_file. The issue allows an attacker to read arbitrary files on the host. Multiple connected sources (CNVD-2026-05343, ...

7.5CVSS6.2AI score0.01098EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

RiteCMS 安全漏洞

RiteCMS is an open source content management system based on php and sqlite. An unspecified vulnerability exists in RiteCMS that stems from the use of insecure encryption to store passwords. No detailed vulnerability details are provided at this time...

5.3CVSS5.8AI score0.00125EPSS
Exploits1References4
OSV
OSV
added 2025/12/17 12:0 a.m.4 views

CVE-2025-67170

A reflected cross-site scripting XSS vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...

6.1CVSS6.2AI score0.00218EPSS
Exploits1References4
OSV
OSV
added 2025/12/17 12:0 a.m.5 views

CVE-2025-67174

A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...

6.2CVSS6.5AI score0.01098EPSS
Exploits1References6
OSV
OSV
added 2025/12/17 12:0 a.m.8 views

CVE-2025-67172

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the parsespecialtags function...

7.2CVSS8.4AI score0.00773EPSS
Exploits1References6
OSV
OSV
added 2025/12/17 12:0 a.m.5 views

CVE-2025-67168

RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords...

5.3CVSS7.1AI score0.00125EPSS
Exploits1References5
OSV
OSV
added 2025/12/17 12:0 a.m.4 views

CVE-2025-67173

A Cross-Site Request Forgery CSRF in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request...

6.8CVSS6.7AI score0.00159EPSS
Exploits1References4
OSV
OSV
added 2025/12/17 12:0 a.m.6 views

CVE-2025-67171

Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...

7.5CVSS6.7AI score0.00687EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

RiteCMS 安全漏洞

RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a file inclusion vulnerability, the vulnerability stems from the admin.php component does not do effective filtering of local file resource calls, an attacker can use this vulnerability to read any file on th...

7.5CVSS5.8AI score0.01098EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51864

Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...

7.5CVSS6.8AI score0.00687EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.11 views

PT-2025-51851

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the parse special tags function...

7.2CVSS8.4AI score0.00773EPSS
Exploits1References5
CVE
CVE
added 2025/12/17 12:0 a.m.11 views

CVE-2025-67173

RiteCMS v3.1.0 has a Cross-Site Request Forgery (CSRF) vulnerability in the page creation/editing functions that allows an attacker to arbitrarily create pages via a crafted POST request. Multiple sources corroborate that the issue arises from requests not adequately verifying the origin/intent o...

6.8CVSS6.4AI score0.00159EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder