handylulu/RiteCMS

handylulu/RiteCMS

Releases2

Frequency3 days 23 hours

Last Release over 5 years ago

Stars6

An ultrafast lightweight & easy CMS (Content Management System) based on Php & Sqlite.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-67170 ↗	Dec 17, 2025Wednesday, 17 December 2025, 19:16	6.1 MEDIUM	—
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
CVE-2025-67171 ↗	Dec 17, 2025Wednesday, 17 December 2025, 19:16	7.5 HIGH	—
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal.
CVE-2025-67173 ↗	Dec 17, 2025Wednesday, 17 December 2025, 19:16	6.8 MEDIUM	—
A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.
CVE-2025-67174 ↗	Dec 17, 2025Wednesday, 17 December 2025, 19:16	7.5 HIGH	—
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component
CVE-2025-67168 ↗	Dec 17, 2025Wednesday, 17 December 2025, 19:16	5.3 MEDIUM	—
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.
CVE-2025-67172 ↗	Dec 17, 2025Wednesday, 17 December 2025, 18:15	7.2 HIGH	—
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.