The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote malicious users to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
bitrix bitrix site manager 4.0.4 |
||
bitrix bitrix site manager 4.0.5 |
||
bitrix bitrix site manager 4.0.6 |
||
bitrix bitrix site manager 4.0.7 |
||
bitrix bitrix site manager 4.0.2 |
||
bitrix bitrix site manager 4.0.3 |
||
bitrix bitrix site manager 4.0.0 |
||
bitrix bitrix site manager 4.0.8 |
||
bitrix bitrix site manager 4.1.0 |
Vulmon