CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-46367

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.247

EPSS Ranking 95.9%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 9.0

References

https://gist.github.com/faisalfs10x/bd12e9abefb0d44f020bf297a14a4597
https://packetstormsecurity.com/files/165430/RiteCMS-3.1.0-Shell-Upload-Remote-Code-Execution.html
https://ritecms.com/
https://www.exploit-db.com/exploits/50616
https://gist.github.com/faisalfs10x/bd12e9abefb0d44f020bf297a14a4597
https://packetstormsecurity.com/files/165430/RiteCMS-3.1.0-Shell-Upload-Remote-Code-Execution.html
https://ritecms.com/
https://www.exploit-db.com/exploits/50616

Products affected by CVE-2021-46367

Ritecms » Ritecms » Version: 1.0

cpe:2.3:a:ritecms:ritecms:1.0
Ritecms » Ritecms » Version: 1.0.0

cpe:2.3:a:ritecms:ritecms:1.0.0
Ritecms » Ritecms » Version: 2.2.1

cpe:2.3:a:ritecms:ritecms:2.2.1
Ritecms » Ritecms » Version: 3.0

cpe:2.3:a:ritecms:ritecms:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-46367

Products

Pricing

Contact Us