Vulnerability Description
RiteCMS versions 3.1.0 and below suffer from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the default .htaccess configuration that denies execution of .php files in the media and files directories.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ritecms | Ritecms | <= 3.1.0 |
Related Weaknesses (CWE)
References
- https://gist.github.com/faisalfs10x/bd12e9abefb0d44f020bf297a14a4597 (Third Party Advisory)
- https://packetstormsecurity.com/files/165430/RiteCMS-3.1.0-Shell-Upload-Remote-C (Exploit, Third Party Advisory, VDB Entry)
- https://ritecms.com/ (Product)
- https://www.exploit-db.com/exploits/50616 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2021-46367?
CVE-2021-46367 is a vulnerability with a CVSS score of 7.2 (HIGH). RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration to deny exe...
How severe is CVE-2021-46367?
CVE-2021-46367 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-46367?
Check the references section above for vendor advisories and patch information. Affected products include: Ritecms Ritecms.