CVE-2022-24247

2022-04-1212:15:08

Google

osv.dev

7.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.

CPENameOperatorVersion
ritecmseq3.0.0
ritecmseqV3.1.0

CPE	Name	Operator	Version
	ritecms	eq	3.0.0
	ritecms	eq	V3.1.0

References

cxsecurity.com/issue/WLB-2022010019

www.exploit-db.com/exploits/50614