Description
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
Exploits (1)
exploitdb
WORKING POC
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/38975
References (5)
Core References
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23281
Exploit x_refsource_misc
http://packetstormsecurity.com/files/134766/bitrix.mpbuilder-Bitrix-1.0.10-Local-File-Inclusion.html
Various Sources x_refsource_confirm
https://marketplace.1c-bitrix.ru/solutions/bitrix.mpbuilder/#tab-log-link
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38975/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/537067/100/0/threaded
Scores
EPSS
0.1359
EPSS Percentile
94.3%
Details
CWE
CWE-22
Status
published
Products (1)
bitrix/mpbuilder
< 1.0.11
Published
Dec 16, 2015
Tracked Since
Feb 18, 2026