Description
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/537072/100/0/threaded
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/38976/
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23278
Vendor Advisory x_refsource_confirm
https://marketplace.1c-bitrix.ru/solutions/bitrix.xscan/#tab-log-link
Exploit x_refsource_misc
http://packetstormsecurity.com/files/134765/bitrix.scan-Bitrix-1.0.3-Path-Traversal.html
Scores
EPSS
0.0483
EPSS Percentile
89.6%
Details
CWE
CWE-22
Status
published
Products (1)
bitrix/xscan
< 1.0.3
Published
Dec 16, 2015
Tracked Since
Feb 18, 2026