CVE-2022-24247

MEDIUM

ritecms < 3.1.0 - Authenticated Arbitrary File Overwrite via Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24247. PoCs published by faisalfs10x.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file overwrite vulnerability in RiteCMS 3.1.0 and below, allowing an authenticated attacker to overwrite files in the web root by manipulating the 'file_name' parameter in a file upload request.

Description

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write), resulting in remote code execution.

Exploits (1)

exploitdb WORKING POC
by faisalfs10x · text · webapps · php
https://www.exploit-db.com/exploits/50614

Classification: Working PoC 95%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: RiteCMS <= 3.1.0
Auth required
Prerequisites: Authenticated access to the RiteCMS admin panel
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50614
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2022010019

Scores

CVSS v3 6.5
EPSS 0.0378
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
ritecms/ritecms < 3.1.0
Published Apr 12, 2022
Tracked Since Feb 18, 2026