PT-2026-2387 · Bitrix24 · Bitrix24
Picaro_O
·
Publicado
2026-01-13
·
Atualizado
2026-01-15
·
CVE-2022-50911
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Bitrix24 (affected versions not specified)
Description
A logged-in attacker can execute arbitrary system commands through the PHP command line admin interface, leading to remote code execution. The attacker leverages this by sending crafted POST requests to an administrative endpoint. The application's privileges are used to execute the code.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bitrix24