
205 matches found

Cvelist
added 2024/11/04 12:00 a.m. · 19 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

0.00146 EPSS
Exploits 0 · References 2
CVE
added 2024/11/04 12:00 a.m. · 56 views

CVE-2024-34883

CVE-2024-34883 affects 1C-Bitrix Bitrix24 v23.300.100. The vulnerability arises from insufficient protection of credentials in the DAV server settings, enabling remote administrators to read proxy-server account passwords via an HTTP GET request. Impact is confidentiality: high. Exploitation deta...

6.8 CVSS · 6.6 AI score · 0.0014 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2024/10/28 12:00 a.m. · 1 views

The vulnerability of the 1C-Bitrix website content management system, related to insufficient protection of registration data, allows a hacker to gain access to authentication data from the SMTP server.

The vulnerability of the 1C-Bitrix website content management system is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to authentication data from the SMTP server...

6.8 CVSS · 5.5 AI score · 0.00146 EPSS
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2024/10/28 12:00 a.m. · 1 views

The vulnerability of the 1C-Bitrix website content management system, related to insufficient protection of registration data, allows a hacker to gain access to authentication data from the Microsoft Exchange Server.

The vulnerability of the 1C-Bitrix website content management system is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to authentication data from the Microsoft Exchange Server...

6.8 CVSS · 5.5 AI score · 0.00056 EPSS
Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2024/10/28 12:00 a.m. · 2 views

The vulnerability of the 1C-Bitrix website content management system, related to insufficient protection of registration data, allows a hacker to exploit SMTP settings and gain access to SMTP server authentication data.

The vulnerability of the 1C-Bitrix website content management system is related to insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor to manipulate SMTP settings and gain access to SMTP server authentication data...

6.8 CVSS · 5.5 AI score · 0.00098 EPSS
Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2024/10/28 12:00 a.m. · 1 views

The vulnerability of the 1C-Bitrix website content management system, related to insufficient protection of registration data, allows a hacker to gain access to the domain controller’s account information.

The vulnerability of the 1C-Bitrix website content management system is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to the account information of the domain controller...

6.8 CVSS · 5.5 AI score · 0.00146 EPSS
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2024/10/28 12:00 a.m. · 2 views

The vulnerability of the 1C-Bitrix website content management system, related to insufficient protection of registration data, allows a hacker to gain access to authentication data from the proxy server.

The vulnerability of the 1C-Bitrix website content management system (CMS) is related to insufficient protection of registration data, allowing attackers to gain access to authentication data from the proxy server...

6.8 CVSS · 5.5 AI score · 0.0014 EPSS
Exploits 0 · References 1 · Affected Software 1
VulnCheck KEV
added 2024/09/19 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2008-2052

Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter...

6.1 CVSS · 5.9 AI score · 0.01224 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/02/21 12:00 a.m. · 1 views

The vulnerability of the bitrixsetup.php component of the 1C-Bitrix web project management system allows a malicious individual to gain unauthorized access to read files on the operating system.

The vulnerability of the bitrixsetup.php component of the 1C-Bitrix web project management system is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read files in the operating system...

3.3 CVSS · 5.5 AI score
Exploits 0 · References 2
BDU FSTEC
added 2023/11/03 12:00 a.m. · 2 views

The vulnerability in the `bitrix/modules/crm/lib/order/import/instagram.php` file of the Crm service for business management in Bitrix24 allows a hacker to execute arbitrary code and increase their privileges.

The vulnerability in the bitrix/modules/crm/lib/order/import/instagram.php file of the Crm service for business management in Bitrix24 exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...

9 CVSS · 8 AI score · 0.03851 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2023/11/01 12:00 a.m. · 6 views

PT-2023-6690

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300. Description: The software contains an improper file stream access issue in the /desktop app/file.ajax.php?action=uploadfile endpoint. This allows unauthenticated remote attackers to cause a denial-of-service condition ...

7.8 CVSS · 7.6 AI score · 0.46983 EPSS
Exploits 1 · References 17
BDU FSTEC
added 2023/09/19 12:00 a.m. · 1 views

A vulnerability in the landing module of the 1C-Bitrix: Website management content management system (CMS) allows a hacker to execute OS commands on a vulnerable node, gain control over resources, and penetrate the internal network.

The vulnerability in the landing module of the 1C-Bitrix: Website management CMS is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to remotely execute OS commands on a vulnerable node, gain control over resources, and penetrate th...

10 CVSS · 5.6 AI score
Exploits 0 · References 6 · Affected Software 1
BDU FSTEC
added 2023/09/13 12:00 a.m. · 1 views

A vulnerability in the 1C-Bitrix: Website management CMS, arising from the lack of measures to protect the structure of web pages, allows attackers to inject malicious content into the website.

The vulnerability in the 1C-Bitrix: Website management CMS exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject malicious content using BBcode functions...

10 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/09/13 12:00 a.m. · 44 views

PT-2023-5241 · 1с · 1С-Битрикс

Name of the Vulnerable Software and Affected Versions: 1С-Битрикс: Управление сайтом (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the landing module of the 1С-Битрикс site management system. Exploitation of this issue m...

10 CVSS · 7.5 AI score
Exploits 0 · References 8
BDU FSTEC
added 2023/09/13 12:00 a.m. · 1 views

A vulnerability in the 1C-Bitrix: Website management CMS, related to flaws in authentication procedures, allows attackers to access confidential information and perform operations with the privileged access rights of compromised accounts.

The vulnerability in the 1C-Bitrix: Website management CMS is associated with deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information and perform operations under the privileges of a compromised account...

10 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2023/05/25 12:00 a.m. · 1 views

A vulnerability in the built-in code editor of the 1C-Bitrix: Site management content management system (CMS), related to input data processing errors, allows attackers to execute arbitrary code.

The vulnerability in the built-in code editor of the 1C-Bitrix: Website management content management system (CMS) is associated with errors in input data processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 6 AI score
Exploits 0 · References 3 · Affected Software 1
VulnCheck KEV
added 2023/03/07 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2022-27228

In the vote aka "Polls, Votes" module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code...

10 CVSS · 7.5 AI score · 0.92388 EPSS
Exploits 1 · References 1
NVD
added 2023/01/20 3:15 p.m. · 15 views

CVE-2022-43959

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php...

4.9 CVSS · 5.4 AI score · 0.01079 EPSS
Exploits 1 · References 3
CVE
added 2023/01/20 12:00 a.m. · 90 views

CVE-2022-43959

The CVE-2022-43959 entry concerns 1C-Bitrix Bitrix24 (through version 22.200.200) with an issue in AD/LDAP server settings where credentials are insufficiently protected. The root cause is exposure of an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit....

4.9 CVSS · 5.4 AI score · 0.01079 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2022/06/30 5:15 a.m. · 1 views

CVE-2017-20122

A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input leads to basic cross site scripting. The attack can be launched...

5.4 CVSS · 3.9 AI score
Exploits 0 · References 2