Bitrix : Security Vulnerabilities, CVEs, CVSS score >= 7
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
Max CVSS
9.0
EPSS Score
2.67%
Published
2015-12-16
Updated
2018-10-09
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.
Max CVSS
7.5
EPSS Score
0.75%
Published
2014-05-30
Updated
2014-06-26
2 vulnerabilities found