RSS   Vulnerabilities for 'Mpbuilder'   RSS

2015-12-16
 
CVE-2015-8358

CWE-22
 

 
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.

 

 >>> Vendor: Bitrix 5 Products
Bitrix site manager
Bitrix e-store module
Xscan
Mpbuilder
Bitrix24


Copyright 2024, cxsecurity.com

 

Back to Top