CVE-2006-2479

2006-05-1917:00:00

mitre

www.cve.org

7.2 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.

References

securityreason.com/securityalert/918

securitytracker.com/id?1016121

www.securityfocus.com/archive/1/434367/100/0/threaded

www.vupen.com/english/advisories/2006/1858

exchange.xforce.ibmcloud.com/vulnerabilities/26542

exchange.xforce.ibmcloud.com/vulnerabilities/26548