PT-2005-2942 · Bitrix+1 · Bitrix Site Manager+1

D_Bug

Published

2005-06-15

Updated

2017-07-11

CVE-2005-1996

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Bitrix Site Manager versions 4.0.x

Description The issue allows remote attackers to execute arbitrary PHP code via the DOCUMENT ROOT parameter in the start.php file. This can be exploited by manipulating the SERVER[DOCUMENT ROOT] parameter.

Recommendations For Bitrix Site Manager versions 4.0.x, consider restricting access to the start.php file until a patch is available. As a temporary workaround, avoid using the SERVER[DOCUMENT ROOT] parameter in the affected file to minimize the risk of exploitation.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2005-1996

Affected Products

Bitrix

Bitrix Site Manager

PT-2005-2942 · Bitrix+1 · Bitrix Site Manager+1

CVE-2005-1996

Weakness Enumeration

Related Identifiers

Affected Products

References · 10