Ray Zhuang - Security Researcher - Exploit Intelligence Platform

CVE-2025-67168 WRITEUP MEDIUM WORKING POC

RiteCMS v3.1.0 - Info Disclosure

RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.

CVSS 5.3

View Code

CVE-2025-67171 WRITEUP HIGH WORKING POC

Ritecms - Path Traversal

Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal.

CVSS 7.5

View Code

CVE-2025-67172 WRITEUP HIGH WORKING POC

Ritecms - Code Injection

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.

CVSS 7.2

View Code

CVE-2025-67173 WRITEUP MEDIUM WORKING POC

Ritecms - CSRF

A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.

CVSS 6.8

View Code

CVE-2025-67174 WRITEUP HIGH WORKING POC

Ritecms - Path Traversal

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component

CVSS 7.5

View Code