CVE-2025-67168

Medium CVSS: 5.3

RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.

Vendor

Product

CWE

Yayın Tarihi

2025-12-17 19:16:12

Güncelleme

2025-12-18 19:18:16

Source Identifier

cve@mitre.org

KEV Date Added

CWE-916 Ritecms MEDIUM Ritecms 2025

https://github.com/handylulu/RiteCMS https://github.com/handylulu/RiteCMS/blob/master/cms/includes/functions.admin.inc.php https://github.com/mbiesiad/vulnerability-research/tree/main/CVE-2025-67168

Medium

CVE-2025-67170

A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the…

High

CVE-2025-67171

Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via d…

Medium

CVE-2025-67173

A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrar…

High

CVE-2025-67174

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a…

High

CVE-2025-67172

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_specia…