Arbitrary File Overwrite via Path Traversal in RiteCMS Admin Panel

Arbitrary File Overwrite via Path Traversal in RiteCMS Admin Panel

CVE-2022-24247 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.

Learn more about our Web App Pen Testing.