CVE-2022-24247

Severity CVSS v4.0:

Pending analysis

Type:

CWE-22 Path Traversal

Publication date:

12/04/2022

Last modified:

19/04/2022

Description

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 6.50 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): High
Availability (A): High

Base Score 3.x

6.50

Severity 3.x

MEDIUM

Vector 2.0

AV:N/AC:L/Au:S/C:N/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 8.50 HIGH
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): None
Integrity (I): Complete
Availability (A): Complete