An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section.
https://www.exploit-db.com/exploits/48636
https://github.com/enesozeser/Vulnerabilities/blob/master/CVE-2020-23934