CVE-2015-8357

medium

Description

Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.

References

https://www.exploit-db.com/exploits/38976/

https://marketplace.1c-bitrix.ru/solutions/bitrix.xscan/#tab-log-link

http://www.securityfocus.com/archive/1/537072/100/0/threaded

Details

Source: Mitre, NVD

Published: 2015-12-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium