{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:13:04.782","vulnerabilities":[{"cve":{"id":"CVE-2022-24248","sourceIdentifier":"cve@mitre.org","published":"2022-04-12T12:15:08.727","lastModified":"2024-11-21T06:50:02.557","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints."},{"lang":"es","value":"RiteCMS versiones 3.1.0 y anteriores, sufren de una vulnerabilidad de eliminación de archivos arbitrarios por medio de un salto de ruta en el panel de administración. La explotación de esta vulnerabilidad permite a un atacante autenticado eliminar cualquier archivo en el root de la web (junto con cualquier otro archivo en el servidor que el usuario del proceso PHP tenga los permisos apropiados para eliminar). Además, un atacante podría aprovechar la capacidad de eliminación arbitraria de archivos para omitir determinados mecanismos de seguridad del servidor web, como la eliminación del archivo .htaccess que desactivaría esas restricciones de seguridad"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:C/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":9.2,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ritecms:ritecms:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.0","matchCriteriaId":"96E9607C-AAB1-429B-B214-C288509493AF"}]}]}],"references":[{"url":"https://en.0day.today/exploit/description/37177","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/50615","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://en.0day.today/exploit/description/37177","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/50615","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}}]}