What is the vulnerability ID for the RiteCMS arbitrary file deletion via path traversal vulnerability?

The vulnerability ID for the RiteCMS arbitrary file deletion via path traversal vulnerability is CVE-2022-24248.

What is the severity level of CVE-2022-24248?

CVE-2022-24248 is classified as high severity with a CVSS score of 6.5.

Which version of RiteCMS is affected by CVE-2022-24248?

RiteCMS version 3.1.0 and below are affected by CVE-2022-24248.

Are there any known exploits for CVE-2022-24248?

Yes, there are known exploits for CVE-2022-24248. Please refer to the provided references for more information.

Vulnerability/
CVE-2022-24248

high

8.5

CWE

12/4/2022

3/8/2024

CVE-2022-24248: Path Traversal

Q: How does the arbitrary file deletion via path traversal vulnerability in RiteCMS Admin Panel work?

The vulnerability allows an authenticated attacker to delete any file in the web root and on the server that the PHP process user has the proper permissions to delete.

First published: Tue Apr 12 2022(Updated: )

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
RiteCMS	<=3.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for the RiteCMS arbitrary file deletion via path traversal vulnerability?
The vulnerability ID for the RiteCMS arbitrary file deletion via path traversal vulnerability is CVE-2022-24248.
What is the severity level of CVE-2022-24248?
CVE-2022-24248 is classified as high severity with a CVSS score of 6.5.
Which version of RiteCMS is affected by CVE-2022-24248?
RiteCMS version 3.1.0 and below are affected by CVE-2022-24248.
How does the arbitrary file deletion via path traversal vulnerability in RiteCMS Admin Panel work?
The vulnerability allows an authenticated attacker to delete any file in the web root and on the server that the PHP process user has the proper permissions to delete.
Are there any known exploits for CVE-2022-24248?
Yes, there are known exploits for CVE-2022-24248. Please refer to the provided references for more information.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/last-modified-date
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
vendor/ritecms
canonical/ritecms
version/ritecms/3.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.