First published: Tue Apr 12 2022
RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite vulnerability via path traversal in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write), resulting in remote code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RiteCMS | <=3.1.0 |
CVE-2022-24247 is a vulnerability found in RiteCMS version 3.1.0 and below that allows an authenticated attacker to overwrite any file in the web root through a path traversal vulnerability in the Admin Panel.
CVE-2022-24247 has a severity score of 6.5 (high).
An attacker can exploit CVE-2022-24247 through the path traversal vulnerability in the Admin Panel of RiteCMS version 3.1.0 and below, which allows them to overwrite any file in the web root.
RiteCMS versions 3.1.0 and below are affected by CVE-2022-24247.
At the moment, there is no official fix available for CVE-2022-24247. It is recommended to upgrade to a patched version once it becomes available or apply other mitigations recommended by the vendor.
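One way an application can confine an admin-supplied file name to a single directory before writing to it, as an added example (not RiteCMS code and not a vendor fix). The function name `confine_write_path` and the demo directory are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied relative file name to a path guaranteed to lie
 * inside $baseDir, or return null. The target may not exist yet (a save or
 * overwrite operation), so the parent directory is canonicalised rather
 * than the file itself.
 */
function confine_write_path(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $userPath;
    $name = basename($candidate);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; it returns false if the directory is missing.
    $parent = realpath(dirname($candidate));
    if ($parent === false) {
        return null;
    }
    // Compare with a trailing separator so "/srv/files_old" does not match "/srv/files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($parent . DIRECTORY_SEPARATOR, $prefix) !== 0) {
        return null;
    }
    $target = $parent . DIRECTORY_SEPARATOR . $name;
    // Refuse to write through an existing symlink, which could point outside the base.
    return is_link($target) ? null : $target;
}

// Constructed demo: a throwaway directory standing in for the folder of editable files.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'confine_demo_' . getmypid();
@mkdir($base . DIRECTORY_SEPARATOR . 'templates', 0700, true);
$samples = ['templates/page.tpl', '../outside.php', 'templates/../../outside.php', '/etc/passwd'];
foreach ($samples as $p) {
    printf("%-30s => %s\n", $p, confine_write_path($base, $p) ?? 'REJECTED');
}
```

A check like this complements, rather than replaces, limiting what the PHP process user is permitted to write, since the advisory notes that those permissions bound what can be overwritten.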