Vulnerability Description
RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ritecms | Ritecms | <= 3.1.0 |
Related Weaknesses (CWE)
References
- https://cxsecurity.com/issue/WLB-2022010019ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/50614ExploitThird Party AdvisoryVDB Entry
- https://cxsecurity.com/issue/WLB-2022010019ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/50614ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2022-24247?
CVE-2022-24247 is a vulnerability with a CVSS score of 6.5 (MEDIUM). RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any...
How severe is CVE-2022-24247?
CVE-2022-24247 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24247?
Check the references section above for vendor advisories and patch information. Affected products include: Ritecms Ritecms.