Detections
Analytics

Bitrix bitrix.mpbuilder Module < 1.0.12 bitrix.mpbuilder_step2.php 'work[]' Path Traversal File Inclusion

high Nessus Plugin ID 99931

Language:

Synopsis

A PHP application running on the remote web server contains a module that is affected by a path traversal vulnerability.

Description

The version of the Bitrix bitrix.mpbuilder module running on the remote web server is prior to 1.0.12. It is, therefore, affected by a path traversal vulnerability due to a failure to properly sanitize user-supplied input to the 'work[]' parameter passed to the /bitrix/admin/bitrix.mpbuilder_step2.php script. An authenticated, remote attacker can exploit this, via a specially crafted HTTP POST request, to include and execute arbitrary local files on the host.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported module version number.

Solution

Upgrade to Bitrix bitrix.mpbuilder module version 1.0.12 or later.

See Also

https://www.htbridge.com/advisory/HTB23281

Plugin Details

Severity: High

ID: 99931

File Name: bitrix_mpbuilder_1_0_12_module.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 5/2/2017

Updated: 6/13/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: x-cpe:/a:bitrix:bitrix, cpe:/a:bitrix:mpbuilder

Required KB Items: www/PHP, installed_sw/Bitrix

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/25/2015

Vulnerability Publication Date: 11/18/2015

Reference Information

CVE: CVE-2015-8358

BID: 79774

IAVA: 2017-A-0129