Authenticated Remote Code Execution Discovered in RiteCMS 3.1.0 Web Application
What Happened – Researchers published an exploit that allows any authenticated user with page‑editing rights in RiteCMS 3.1.0 to execute arbitrary PHP commands on the underlying server via the [function:…] tag. The flaw is triggered by inserting a crafted tag into page content, which the CMS evaluates as code.
Why It Matters for TPRM –
- An attacker who compromises a low‑privilege credential can gain full server control.
- The vulnerability is exploitable on default installations, exposing downstream data and services.
- No CVE has been assigned, so many vulnerability scanners may miss it, increasing blind‑spot risk.
Who Is Affected – Organizations that host public‑facing websites or internal portals on RiteCMS, spanning media, SaaS, and other web‑centric sectors.
Recommended Actions –
- Verify whether any third‑party sites in your supply chain run RiteCMS 3.1.0.
- Immediately upgrade to a patched version or apply a temporary input‑validation rule that blocks [function: tags.
- Review privileged account hygiene and enforce MFA for CMS administrators.
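One way to express the temporary rule that blocks [function: tags, as an added example (not RiteCMS code and not from the exploit author): a Python check that rejects new submissions and audits page content already stored. The record layout, the placeholder tag bodies, and the deliberately broad matching (case-insensitive, optional whitespace, layered encoding) are assumptions, since this brief does not describe how the CMS parses the tag.

```python
import html
import re
from urllib.parse import unquote

# Assumption: match more broadly than the CMS parser may (any case, optional
# whitespace, missing closing bracket) so obfuscated variants are still flagged.
TAG_RE = re.compile(r"\[\s*function\s*:\s*([^\]\r\n]{0,200})\]?", re.IGNORECASE)

def normalize(content, max_rounds=3):
    """Undo layered HTML-entity and percent-encoding before matching."""
    for _ in range(max_rounds):
        decoded = unquote(html.unescape(content))
        if decoded == content:
            break
        content = decoded
    return content

def find_function_tags(content):
    """Return the body of every [function:...] tag found in page content."""
    return [m.group(1).strip() for m in TAG_RE.finditer(normalize(content))]

def is_allowed(content):
    """Input-validation rule: reject any submission that carries the tag."""
    return not find_function_tags(content)

def audit(pages):
    """Map page id -> tag bodies for stored pages that already contain the tag."""
    hits = {}
    for page in pages:
        tags = find_function_tags(page["content"])
        if tags:
            hits[page["id"]] = tags
    return hits

# Constructed sample records (hypothetical layout, placeholder tag bodies).
SAMPLE_PAGES = [
    {"id": 1, "content": "<p>Welcome to our site.</p>"},
    {"id": 2, "content": "<p>News</p>[function:placeholder_a]"},
    {"id": 3, "content": "&#91;FUNCTION : placeholder_b&#93;"},
    {"id": 4, "content": "%5Bfunction%3Aplaceholder_c%5D"},
    {"id": 5, "content": "Our function: to inform readers [see below]."},
]

if __name__ == "__main__":
    for page_id, tags in audit(SAMPLE_PAGES).items():
        print(f"page {page_id}: {tags}")
```

A hit from `audit` on existing content means a tag was saved before the rule was in place, so the editing account and the page's revision history should be reviewed as well.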
Technical Notes – The exploit leverages an authenticated RCE vector via the content_function() handler. No CVE identifier exists; the issue is catalogued as EDB‑ID 52488. Example payloads include system('whoami') and arbitrary command execution such as downloading a remote shell. Source: https://www.exploit-db.com/exploits/52488