RSS   Podatności dla 'Xscan'   RSS

2015-12-16
 
CVE-2015-8357

CWE-22
 

 
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.

 

 >>> Vendor: Bitrix 4 Produkty
Bitrix site manager
Bitrix e-store module
Xscan
Mpbuilder


Copyright 2020, cxsecurity.com

 

Back to Top