An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the “Filemanager” section.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23934
Reference (s):
- https://github.com/enesozeser/Vulnerabilities/blob/master/CVE-2020-23934
- https://www.exploit-db.com/exploits/48636