Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-1996
Last Modified: 23 Aug 2011 12:00:00
Published: 15 Jun 2005 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-1996

Summary

PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter.

Vulnerable Systems

Application

  • Bitrix Site Manager 4.0.0

  • Bitrix Site Manager 4.0.2

  • Bitrix Site Manager 4.0.3

  • Bitrix Site Manager 4.0.4

  • Bitrix Site Manager 4.0.5

  • Bitrix Site Manager 4.0.6

  • Bitrix Site Manager 4.0.7

  • Bitrix Site Manager 4.0.8


References

OSVDB - 17341

CONFIRM - http://www.bitrixsoft.com/support/forum/read.php?FID=10&TID=1872

CONFIRM - http://www.bitrixsoft.com/sitemanager/versions.php?module=main

SECUNIA - 15726

XF - bitrix-serverdocumentroot-file-include(21018)

VUPEN - ADV-2005-0779

BID - 13965

BUGTRAQ - 20050615 Vulnerability: Bitrix Php inclusion


Last Updated: 27 May 2016 10:40:22