Raytha CMS Code Injection Vulnerability in 'Functions' Module
Vulnerability
A code injection vulnerability has been identified in the 'Functions' module of Raytha CMS, affecting all versions prior to 1.4.6. This vulnerability allows privileged users to execute custom JavaScript code that can instantiate .NET components and perform arbitrary operations within the application's hosting environment. The issue arises from a lack of sandboxing or access restrictions on the code executed through the 'Functions' feature.
Impact
By executing arbitrary .NET code, an attacker who exploits this vulnerability could gain unauthorized access to the application's hosting environment and manipulate it.
Remediation
Users can upgrade to Raytha CMS version 1.4.6 or later to address this vulnerability.
