RSS   Vulnerabilities for 'Xscan'   RSS

2015-12-16
 
CVE-2015-8357

CWE-22
 

 
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.

 

 >>> Vendor: Bitrix 5 Products
Bitrix site manager
Bitrix e-store module
Xscan
Mpbuilder
Bitrix24


Copyright 2024, cxsecurity.com

 

Back to Top