PT-2006-3427 · Bitrix · Bitrix Site Manager

Gogi The Georgian · Published 2006-05-19 · Updated 2018-10-18 · CVE-2006-2479

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Bitrix Site Manager versions 4.1.x

Description: The issue concerns the Update functionality, which fails to verify the authenticity of downloaded updates. A remote attacker who can poison the DNS cache used by the update client can redirect it to a malicious site, and the unverified update content it fetches from there allows the attacker to obtain sensitive information and execute arbitrary PHP code.

Recommendations: For Bitrix Site Manager versions 4.1.x, verify the authenticity of downloaded updates before applying them, so that an update substituted through DNS cache poisoning is rejected. As a temporary workaround, restrict access to the update functionality until a proper fix is applied.



Related Identifiers: CVE-2006-2479

Affected Products: Bitrix, Bitrix Site Manager