RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2022010019 | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/50614 | Exploit Third Party Advisory VDB Entry |
https://cxsecurity.com/issue/WLB-2022010019 | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/50614 | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 06:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://cxsecurity.com/issue/WLB-2022010019 - Exploit, Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/50614 - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2022-04-12 12:15
Updated : 2024-11-21 06:50
NVD link : CVE-2022-24247
Mitre link : CVE-2022-24247
CVE.ORG link : CVE-2022-24247
JSON object : View
Products Affected
ritecms
- ritecms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')