CVE-2022-24247

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-24247
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24247.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-24247
Published
2022-04-12T12:15:08Z
Modified
2024-09-03T04:11:32.234902Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
[none]
Details

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite vulnerability via path traversal in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has permission to write), resulting in remote code execution.

References

Affected packages

Git / github.com/handylulu/ritecms

Affected ranges

Type
GIT
Repo
https://github.com/handylulu/ritecms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

V3.*

V3.1.0

v3.*

v3.0.0