CVE-2022-24247

MEDIUM

RiteCMS <3.1.0 - Path Traversal

Title source: llm

Description

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via a path traversal vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has permission to write), resulting in remote code execution.

Exploits (1)

exploitdb WORKING POC
by faisalfs10x · text · webapps · php
https://www.exploit-db.com/exploits/50614

Scores

CVSS v3 6.5
EPSS 0.0216
EPSS Percentile 84.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
ritecms/ritecms < 3.1.0
Published Apr 12, 2022
Tracked Since Feb 18, 2026