CVE-2021-46367

Published: Apr 8, 2022Modified: Jun 17, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.

Affected (1)

Products: Ritecms: Ritecms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ritecms Ritecms	Up to 3.1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (8)

https://gist.github.com/faisalfs10x/bd12e9abefb0d44f020bf297a14a4597

Source: cve@mitre.org

Third Party Advisory

https://packetstormsecurity.com/files/165430/RiteCMS-3.1.0-Shell-Upload-Remote-Code-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://ritecms.com/

Source: cve@mitre.org

Product

https://www.exploit-db.com/exploits/50616

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://gist.github.com/faisalfs10x/bd12e9abefb0d44f020bf297a14a4597

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://packetstormsecurity.com/files/165430/RiteCMS-3.1.0-Shell-Upload-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://ritecms.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.exploit-db.com/exploits/50616

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.