CVE-2013-5316

RiteCMS 1.0.0 - Cross-Site Request Forgery via Administrator Password Change


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5316. PoCs published by Yashar shahinzadeh.

AI-analyzed exploit summary: The exploit demonstrates two vulnerabilities in RiteCMS 1.0.0: a CSRF attack to change the administrator's password and a reflected XSS vulnerability. The CSRF PoC includes a crafted HTML form that submits malicious requests to the target application, while the XSS is triggered via a malicious URL parameter.

Description

Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.

Exploits (1)

exploitdb WORKING POC
by Yashar shahinzadeh · textwebappsphp
https://www.exploit-db.com/exploits/27315

Classification
Working PoC 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: RiteCMS 1.0.0
No auth needed
Prerequisites: Victim must visit a malicious page (CSRF) · Victim must be authenticated for XSS to have impact
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Third Party Advisory, VDB Entry (x_refsource_bid)
http://www.securityfocus.com/bid/61587
Third Party Advisory, VDB Entry (x_refsource_xf)
https://exchange.xforce.ibmcloud.com/vulnerabilities/86193
Exploit (x_refsource_exploit-db)
http://www.exploit-db.com/exploits/27315

Scores

EPSS 0.0227
EPSS Percentile 80.8%

Details

CWE
CWE-352
Status published
Products (1)
ritecms/ritecms 1.0.0
Published Aug 20, 2013
Tracked Since Feb 18, 2026