Ritecms
by Handylulu
Source repositories
CVEs (8)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-5317 | 0.03 | — | 0.00 | Aug 20, 2013 | Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php. | ||
| CVE-2013-5316 | 0.03 | — | 0.00 | Aug 20, 2013 | Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php. | ||
| CVE-2025-67168 | 0.00 | — | 0.00 | Dec 17, 2025 | RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords. | ||
| CVE-2025-67170 | 0.00 | — | 0.00 | Dec 17, 2025 | A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. | ||
| CVE-2025-67174 | 0.00 | — | 0.00 | Dec 17, 2025 | A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component | ||
| CVE-2025-67173 | 0.00 | — | 0.00 | Dec 17, 2025 | A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request. | ||
| CVE-2025-67171 | 0.00 | — | 0.01 | Dec 17, 2025 | Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal. | ||
| CVE-2025-67172 | 0.00 | — | 0.01 | Dec 17, 2025 | RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function. |
- CVE-2013-5317Aug 20, 2013risk 0.03cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.
- CVE-2013-5316Aug 20, 2013risk 0.03cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.
- CVE-2025-67168Dec 17, 2025risk 0.00cvss —epss 0.00
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.
- CVE-2025-67170Dec 17, 2025risk 0.00cvss —epss 0.00
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
- CVE-2025-67174Dec 17, 2025risk 0.00cvss —epss 0.00
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component
- CVE-2025-67173Dec 17, 2025risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.
- CVE-2025-67171Dec 17, 2025risk 0.00cvss —epss 0.01
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal.
- CVE-2025-67172Dec 17, 2025risk 0.00cvss —epss 0.01
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.