CVE-2022-50911

Name of the Vulnerable Software and Affected Versions Bitrix24 (affected versions not specified)

Description A logged-in attacker can execute arbitrary system commands through the PHP command line admin interface, leading to remote code execution. The attacker leverages this by sending crafted POST requests to an administrative endpoint. The application's privileges are used to execute the code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.