PT-2006-3427 · Bitrix · Bitrix Site Manager

Gogi The Georgian

·

Published

2006-05-19

·

Updated

2018-10-18

·

CVE-2006-2479

CVSS v2.0

5.0

Medium

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Bitrix Site Manager versions 4.1.x

Description: The issue concerns the Update functionality, which fails to verify the authenticity of downloaded updates. This allows remote attackers to obtain sensitive information and execute arbitrary PHP code via DNS cache poisoning, redirecting the user to a malicious site.

Recommendations: For Bitrix Site Manager versions 4.1.x, consider implementing authentication checks for downloaded updates, so that a package obtained through DNS cache poisoning is rejected before it is installed. As a temporary workaround, restrict access to the update functionality until a proper fix is applied.
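One way to implement the authentication check the recommendation calls for, as an added example that is not Bitrix's code: the client verifies a detached Ed25519 signature (PHP's sodium extension) against a public key pinned in the product before anything in the downloaded package is unpacked. The vendor-side key generation and signing shown here stand in for a build step and are included only so the script runs stand-alone.

```php
<?php
// Added example, not Bitrix code: reject an update package whose detached Ed25519
// signature does not verify against a public key pinned at install time.
// In production only the public key ships with the product; the secret key
// stays on the vendor's release infrastructure.

declare(strict_types=1);

// Client side: verify before anything in the archive is unpacked or executed.
function verifyUpdatePackage(string $archive, string $signature, string $pinnedPubKey): bool
{
    if (strlen($pinnedPubKey) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES
        || strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false; // malformed input counts as a failed check, never as "skip"
    }
    return sodium_crypto_sign_verify_detached($signature, $archive, $pinnedPubKey);
}

// Write the package to disk only if verification passes. The host the bytes
// came from plays no part in the decision, which is what makes a redirected
// (for example DNS-poisoned) download harmless.
function applyUpdate(string $archive, string $signature, string $pinnedPubKey, string $dest): bool
{
    if (!verifyUpdatePackage($archive, $signature, $pinnedPubKey)) {
        error_log('update rejected: signature verification failed');
        return false;
    }
    return file_put_contents($dest, $archive) !== false;
}

// Vendor side (constructed for this demo): sign the release archive at build time.
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair);
$pinnedPub = sodium_crypto_sign_publickey($keypair); // the value the product pins

$release   = 'constructed sample update archive bytes';
$signature = sodium_crypto_sign_detached($release, $secretKey);

// The genuine package verifies.
var_dump(verifyUpdatePackage($release, $signature, $pinnedPub));

// A substituted package served from a spoofed host does not, even when the
// original signature file is delivered alongside it.
$tampered = 'constructed substitute archive bytes';
var_dump(verifyUpdatePackage($tampered, $signature, $pinnedPub));

// A package signed with a key other than the pinned one is rejected too.
$otherSecret = sodium_crypto_sign_secretkey(sodium_crypto_sign_keypair());
var_dump(verifyUpdatePackage($release, sodium_crypto_sign_detached($release, $otherSecret), $pinnedPub));
```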

Exploit

Fix


Related identifiers

CVE-2006-2479

Affected products

Bitrix
Bitrix Site Manager