Vulnerability Description
RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ritecms | Ritecms | <= 3.1.0 |
Related Weaknesses (CWE)
References
- https://en.0day.today/exploit/description/37177ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/50615ExploitThird Party AdvisoryVDB Entry
- https://en.0day.today/exploit/description/37177ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/50615ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2022-24248?
CVE-2022-24248 is a vulnerability with a CVSS score of 6.5 (MEDIUM). RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any fil...
How severe is CVE-2022-24248?
CVE-2022-24248 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24248?
Check the references section above for vendor advisories and patch information. Affected products include: Ritecms Ritecms.