Security Advisory

CVE-2015-8357

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-12-16 21:00:00

Last updated 2024-08-06 08:13:32

Assigner mitre

State PUBLISHED

Description

Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.

← Browse all CVEs View on cve.org ↗