Ray Zhuang

5 exploits Active since Dec 2025
CVE-2025-67168 WRITEUP MEDIUM WORKING POC
RiteCMS 3.1.0 - Use of Password Hash With Insufficient Computational Effort
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.
CVSS 5.3
CVE-2025-67171 WRITEUP HIGH WORKING POC
RiteCMS 3.1.0 - Path Traversal in Templates Component
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal.
CVSS 7.5
CVE-2025-67172 WRITEUP HIGH WORKING POC
RiteCMS v3.1.0 - Authenticated Remote Code Execution via parse_special_tags()
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.
CVSS 7.2
CVE-2025-67173 WRITEUP MEDIUM WORKING POC
RiteCMS 3.1.0 - Cross-Site Request Forgery in Page Creation/Editing Function
A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.
CVSS 6.8
CVE-2025-67174 WRITEUP HIGH WORKING POC
RiteCMS 3.1.0 - Local File Inclusion via Directory Traversal in admin_language_file Parameter
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component
CVSS 7.5