CVE-2022-24248

MEDIUM

RiteCMS < 3.1.0 - Authenticated Arbitrary File Deletion via Path Traversal

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24248. PoCs published by faisalfs10x.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file deletion vulnerability in RiteCMS 3.1.0 and below. An authenticated attacker can delete any file in the web root by manipulating the 'delete' parameter in a GET request to the file manager.

Description

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion vulnerability via path traversal in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root, along with any other file on the server that the PHP process user has permission to delete. Furthermore, an attacker might leverage arbitrary file deletion to circumvent certain web server security mechanisms, for example by deleting an .htaccess file, which would deactivate the security constraints it enforces.

Exploits (1)

exploitdb WORKING POC
by faisalfs10x · text · webapps · php
https://www.exploit-db.com/exploits/50615

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: RiteCMS <= 3.1.0
Auth required
Prerequisites: Authenticated access to the admin panel · Knowledge of the target file path
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50615
Exploit, Third Party Advisory x_refsource_misc
https://en.0day.today/exploit/description/37177

Scores

CVSS v3: 6.5
EPSS: 0.2041
EPSS Percentile: 97.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Details

CWE: CWE-22
Status: published
Products (1): ritecms/ritecms < 3.1.0
Published: Apr 12, 2022
Tracked Since: Feb 18, 2026