
9 matches found

EUVD
added 2026/05/08 12:0 a.m. | 5 views

EUVD-2025-209735

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

AI score: 6 | EPSS: 0.00045
Exploits: 4 | References: 5
BDU FSTEC
added 2025/07/18 12:0 a.m. | 1 views

Vulnerability in the main and fileman modules of the 1C-Bitrix: Website management system that allows attackers to gain unauthorized access to configuration and executable files

The vulnerability in the main and fileman modules of the 1C-Bitrix: Website management system involves insecure handling of privileges. Exploiting this vulnerability can allow an attacker to gain unauthorized access to configuration and executable files...

CVSS: 6.8 | AI score: 5.5
Exploits: 0 | References: 1 | Affected Software: 3
BDU FSTEC
added 2024/10/28 12:0 a.m. | 0 views

The vulnerability of the 1C-Bitrix website content management system, related to insufficient protection of registration data, allows a hacker to gain access to authentication data from the SMTP server.

The vulnerability of the 1C-Bitrix website content management system is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to authentication data from the SMTP server...

CVSS: 6.8 | EPSS: 0.00146
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2024/10/28 12:0 a.m. | 0 views

The vulnerability of the 1C-Bitrix website content management system, related to insufficient protection of registration data, allows a hacker to gain access to authentication data from the proxy server.

The vulnerability of the 1C-Bitrix website content management system (CMS) is related to insufficient protection of registration data, allowing attackers to gain access to authentication data from the proxy server...

CVSS: 6.8 | EPSS: 0.0014
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2023/09/19 12:0 a.m. | 1 views

Vulnerability in the landing module of the 1C-Bitrix: Website management content management system (CMS) that allows a hacker to execute OS commands on a vulnerable node, gain control over resources, and penetrate the internal network.

The vulnerability in the landing module of the CMS (Website management) is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to remotely execute OS commands on a vulnerable node, gain control over resources, and penetrate th...

CVSS: 10 | AI score: 5.6
Exploits: 0 | References: 6 | Affected Software: 1
BDU FSTEC
added 2023/09/13 12:0 a.m. | 0 views

Vulnerability in the 1C-Bitrix: Website management CMS, arising from the lack of measures to protect the structure of web pages, that allows attackers to inject malicious content into the website.

The vulnerability in the 1C-Bitrix: Website management CMS exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject malicious content using BBcode functions...

CVSS: 10 | AI score: 5.5
Exploits: 0 | References: 1 | Affected Software: 1
Openbugbounty
added 2016/08/16 11:3 a.m. | 17 views

1c-bitrix.ru Open Redirect vulnerability

Open Bug Bounty ID: OBB-175847

Description| Value
---|---
Affected Website:| 1c-bitrix.ru
Vulnerable Application:| Custom Code
Vulnerability Type:| Open Redirect / CWE-601
CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Remediation Guide:| OWASP Open Redirect Cheat Sheet
Vulnerabl...

AI score: 6.9
Exploits: 0
BDU FSTEC
added 2016/07/05 12:0 a.m. | 1 views

Vulnerability in the 1C-Bitrix: Website management web project management system that allows malicious actors to bypass access restrictions

The vulnerability in the 1C-Bitrix: Website management web project management system is related to errors in the integrity control mechanism of the control scripts. Exploiting this vulnerability allows a malicious actor to manipulate the integrity check mechanism and modify files within the system witho...

CVSS: 4.6 | AI score: 5.5
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2016/01/18 12:0 a.m. | 2 views

The vulnerability of the 1C-Bitrix web project management system allows a hacker to trigger a service failure, obtain confidential information, or rename arbitrary files.

The vulnerability in the admin/bitrix.xscanworker.php module of the 1C-Bitrix web project management system exists due to insufficient restrictions on the path name to the directory. Exploiting this vulnerability allows a malicious actor to rename arbitrary files, obtain confidential information, o...

CVSS: 6.5 | EPSS: 0.04829
Exploits: 5 | References: 6 | Affected Software: 1