PT-2022-16561 · Ritecms · Ritecms

Published: 2022-04-12 · Updated: 2022-04-20 · CVE-2022-24248
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: RiteCMS versions 3.1.0 and below
Description: The issue allows an authenticated attacker to delete any file in the web root, as well as any other file on the server that the PHP process user has permission to delete, through a path traversal in the Admin Panel's file-deletion function (arbitrary file deletion). This capability can be used to circumvent certain web server security mechanisms, for example by deleting .htaccess files to deactivate the access restrictions they enforce.
Recommendations: For RiteCMS versions 3.1.0 and below, update to a version above 3.1.0 to resolve the issue. As a temporary workaround, restrict access to the Admin Panel to minimize the risk of exploitation. Additionally, review the file-system permissions of the PHP process user and monitor access controls to limit the potential damage from arbitrary file deletion.
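The class of defect described above is prevented by resolving the requested path and refusing anything that does not land inside one allowed directory. The following is an added PHP illustration of such a check, not RiteCMS code; the function names, the allowed directory and the sample files are assumptions.

```php
<?php
// Added illustration (not RiteCMS code): a file-delete action that only
// removes regular files resolving to a location inside one allowed
// directory, and that refuses dotfiles such as .htaccess outright.

function resolveDeletableFile(string $allowedDir, string $userPath): ?string
{
    $base = realpath($allowedDir);
    if ($base === false || strpos($userPath, "\0") !== false) {
        return null;                       // missing base dir or NUL byte
    }
    // Reject ".", "..", and any dotfile component before touching the FS.
    foreach (explode('/', str_replace('\\', '/', $userPath)) as $part) {
        if ($part !== '' && $part[0] === '.') {
            return null;
        }
    }
    // realpath() collapses symlinks, so the prefix test also catches link escapes.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($target === false || !is_file($target)
        || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

function deleteUpload(string $allowedDir, string $userPath): bool
{
    $target = resolveDeletableFile($allowedDir, $userPath);
    if ($target === null) {
        error_log('rejected delete request: ' . $userPath); // log for detection
        return false;
    }
    return unlink($target);
}

// Constructed demo: a temp directory holding a regular file and a dotfile.
$dir = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/image.png", 'x');
file_put_contents("$dir/.htaccess", 'Deny from all');
foreach (['image.png', '../../.htaccess', '.htaccess', 'sub/../image.png'] as $p) {
    printf("%-20s -> %s\n", $p, resolveDeletableFile($dir, $p) ?? 'rejected');
}
unlink("$dir/image.png");
unlink("$dir/.htaccess");
rmdir($dir);
```

Only the plain file name passes the check; every input containing a dot-prefixed component, including traversal sequences that would resolve back inside the directory, is refused and logged.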

Tags: Exploit · Fix · Path traversal

Related Identifiers: CVE-2022-24248
Affected Products: Ritecms