CVE-2022-24248

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-24248
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24248.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-24248
Published
2022-04-12T12:15:08Z
Modified
2025-01-08T08:53:18.833540Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
[none]
Details

RiteCMS versions 3.1.0 and below suffer from an arbitrary file deletion vulnerability via path traversal in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has permission to delete). Furthermore, an attacker might leverage arbitrary file deletion to circumvent certain web server security mechanisms, for example by deleting the .htaccess file, which would deactivate those security constraints.

References

Affected packages

Git / github.com/handylulu/ritecms

Affected ranges

Type
GIT
Repo
https://github.com/handylulu/ritecms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

V3.*

V3.1.0

v3.*

v3.0.0