CVE-2022-24247

{"id": "CVE-2022-24247", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2022-04-12T12:15:08.683", "references": [{"url": "https://cxsecurity.com/issue/WLB-2022010019", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/50614", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution."}, {"lang": "es", "value": "RiteCMS versiones 3.1.0 y anteriores, sufren una vulnerabilidad de sobreescritura arbitraria de archivos por medio de un salto de ruta en el panel de administraci\u00f3n. La explotaci\u00f3n de la vulnerabilidad permite a un atacante autenticado sobrescribir cualquier archivo en el root de la web (junto con cualquier otro archivo en el servidor que el usuario del proceso PHP tenga los permisos apropiados para escribir), resultando en una ejecuci\u00f3n de c\u00f3digo remota"}], "lastModified": "2022-04-19T18:08:00.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ritecms:ritecms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E9607C-AAB1-429B-B214-C288509493AF", "versionEndIncluding": "3.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}