Home

Description

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component

PUBLISHED Reserved 2025-12-08 | Published 2025-12-17 | Updated 2025-12-18 | Assigner mitre

References

github.com/...ulnerability-research/tree/main/CVE-2025-67174 exploit

github.com/handylulu/RiteCMS

github.com/handylulu/RiteCMS/blob/master/admin.php

github.com/.../blob/master/cms/subtemplates/settings.inc.tpl

github.com/...ulnerability-research/tree/main/CVE-2025-67174

cve.org (CVE-2025-67174)

nvd.nist.gov (CVE-2025-67174)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.