PT-2022-12675 · Ritecms · Ritecms

Faisalfs10X · Published 2022-04-08 · Updated 2022-04-14 · CVE-2021-46367

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: RiteCMS versions 3.1.0 and below

Description: The issue allows an authenticated attacker to upload a PHP file and bypass the .htaccess configuration, which by default denies execution of .php files in the media and files directories. This can be exploited from the admin panel.

Recommendations: For RiteCMS versions 3.1.0 and below, consider restricting access to the admin panel and the file upload functionality until a fix is available. As a temporary workaround, manually enforce the .htaccess configuration to prevent execution of .php files in the media and files directories.

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2021-46367

Affected Products: Ritecms