CVE-2022-24247

Source
https://cve.org/CVERecord?id=CVE-2022-24247
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24247.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-24247
Published
2022-04-12T12:15:08.683Z
Modified
2026-03-14T11:36:18.181447Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
[none]
Details

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite vulnerability via path traversal in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write), resulting in remote code execution.

References

Affected packages

Git / github.com/handylulu/ritecms

Affected ranges

Type
GIT
Repo
https://github.com/handylulu/ritecms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.0"
        }
    ]
}

Affected versions

V3.*
V3.1.0
v3.*
v3.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24247.json"