CVE-2022-29268

Name of the Vulnerable Software and Affected Versions Bitrix versions prior to 7.5.0

Description The issue is related to the unrestricted upload of dangerous file types in the "1C-Bitrix: Virtual Machine" (VMBitrix) virtual server. This can be exploited by a remote attacker to execute arbitrary code by sending a specially crafted PHP file. The vulnerability can be exploited through the "Upload From Local Disk" feature in the restore.php file or by uploading a web shell during the initial setup interface. There have been real-world incidents where this issue was exploited, such as the Jet CSIRT website deface case, where the setup interface was exposed to the Internet for 3 days, allowing attackers to install a web shell.

Recommendations For Bitrix versions prior to 7.5.0: As a temporary workaround, consider restricting access to the setup interface and the "Upload backup" feature to minimize the risk of exploitation. Do not expose the initial setup interface to the Internet. At the moment, there is no information about a newer version that contains a fix for this vulnerability.