14 matches found
mcart.xls Bitrix Module 6.5.2 - SQL Injection
Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Public Disclosure: January 13, 2016 Vulnerabilit...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
Exploit for php platform in category web applications Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Public Disclosur...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...
Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module
Multiple SQL injection vulnerabilities exist in the mcart.xls Bitrix module. Multiple SQL injection vulnerabilities exist in the Bitrix module due to the "xlsprofile" HTTP GET parameter passed to the "/bitrix/admin/mcartxlsimport.php" script; the "/bitrix/admin/mcartxlsimport.php" script; the...
orion.extfeedbackform Bitrix Module SQL Injection Vulnerability
No description provided by source...
orion.extfeedbackform Bitrix Module 2.1.2 CSRF / SQL Injection
Advisory ID: HTB23280 Product: orion.extfeedbackform Bitrix module Vendor: www.orion-soft.ru Vulnerable Versions: 2.1.2 and probably prior Tested Version: 2.1.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: December 11, 2015...
orion.extfeedbackform Bitrix Module SQL Injection Vulnerability
An SQL injection vulnerability exists in the orion.extfeedbackform Bitrix module. Due to insufficient filtering of input passed to the "/bitrix/admin/orion.extfeedbackformefbfforms.php" script via the "order" and "by" HTTP GET parameters, an attacker can exploit the vulnerability to execute SQL...
bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion
Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015...
bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability
bitrix.mpbuilder Bitrix module version 1.0.10 suffers from a local file inclusion vulnerability. Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details...
bitrix.xscan Bitrix Module Path Traversal Vulnerability
A path traversal vulnerability exists in the bitrix.xscan Bitrix module. Due to the lack of filtering of directory traversal characters (e.g., ". /"), a remotely authenticated attacker can upload a file with malicious content by passing this file through a vulnerable script in a renamed filename...
bitrix.mpbuilder Bitrix Module PHP File Inclusion Vulnerability
A PHP file inclusion vulnerability exists in the bitrix.mpbuilder Bitrix module. Because the "work" HTTP POST parameter is not properly filtered before the "/bitrix/admin/bitrix.mpbuilderstep2.php" script is used by the include PHP function, a remote attacker can include and execute arbitrary loc...
Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module
High-Tech Bridge Security Research Lab discovered multiple SQL Injection vulnerabilities in mcart.xls Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in database and gain complete control over the vulnerable website...
SQL Injection in orion.extfeedbackform Bitrix Module
High-Tech Bridge Security Research Lab discovered two vulnerabilities in the orion.extfeedbackform Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in database and gain complete control over the vulnerable website. All discover...
Path Traversal via CSRF in bitrix.xscan Bitrix Module
High-Tech Bridge Security Research Lab discovered a vulnerability in the bitrix.xscan Bitrix module, which is intended to discover and neutralize malware on the website. The vulnerability can be exploited to change extension of arbitrary PHP files on the target system and gain access to potentially sensitive...