CVE-2021-46367

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
ritecmsritecms
𝑥
≤ 3.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/faisalfs10x/bd12e9abefb0d44f020bf297a14a4597
https://packetstormsecurity.com/files/165430/RiteCMS-3.1.0-Shell-Upload-Remote-Code-Execution.html
https://ritecms.com/
https://www.exploit-db.com/exploits/50616
https://gist.github.com/faisalfs10x/bd12e9abefb0d44f020bf297a14a4597
https://packetstormsecurity.com/files/165430/RiteCMS-3.1.0-Shell-Upload-Remote-Code-Execution.html
https://ritecms.com/
https://www.exploit-db.com/exploits/50616