Product: ritecms
17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

CVE-2025-67174 (all versions), CVSS 7.5 HIGH
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory

CVE-2025-67173 (all versions), CVSS 6.8 MEDIUM
A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create

CVE-2025-67171 (all versions), CVSS 7.5 HIGH
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory t

CVE-2025-67170 (all versions), CVSS 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context o

CVE-2025-67168 (all versions), CVSS 5.3 MEDIUM
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.

CVE-2025-67172 (all versions), CVSS 7.2 HIGH
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() f

CVE-2024-28623 (all versions), CVSS 6.1 MEDIUM
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.

CVE-2023-44767 (all versions), CVSS 4.8 MEDIUM
A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content.

CVE-2023-43877 (all versions), CVSS 4.8 MEDIUM
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload

CVE-2023-43879 (all versions), CVSS 4.8 MEDIUM
Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload

CVE-2023-43878 (all versions), CVSS 5.4 MEDIUM
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted

CVE-2022-24248 (<= 3.1.0), CVSS 6.5 MEDIUM
RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploitin

CVE-2022-24247 (<= 3.1.0), CVSS 6.5 MEDIUM
RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiti

CVE-2021-46367 (<= 3.1.0), CVSS 7.2 HIGH
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker c

CVE-2020-23934 (all versions), CVSS 8.8 HIGH
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell

CVE-2013-5317 (all versions)
Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML

CVE-2013-5316 (all versions)
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administr

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin