Published: 16/12/2015 Updated: 09/10/2018

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Directory traversal vulnerability in the bitrix.mpbuilder module prior to 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bitrix mpbuilder

Advisory ID: HTB23281 Product: bitrixmpbuilder Bitrix module Vendor: www1c-bitrixru Vulnerable Version(s): 1010 and probably prior Tested Version: 1010 Advisory Publication: November 18, 2015 [without technical details] Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015 Public Disclosure: December 9, 2015 Vulnerabili ...

bitrixmpbuilder Bitrix module version 1010 suffers from a local file inclusion vulnerability ...

CWE-22 https://www.htbridge.com/advisory/HTB23281 http://packetstormsecurity.com/files/134766/bitrix.mpbuilder-Bitrix-1.0.10-Local-File-Inclusion.html https://marketplace.1c-bitrix.ru/solutions/bitrix.mpbuilder/#tab-log-link https://www.exploit-db.com/exploits/38975/http://www.securityfocus.com/archive/1/537067/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/38975/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-8358

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect