Описание
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:bitrix:bitrix_site_manager:4.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.0072
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
EPSS
Процентиль: 72%
0.0072
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other