Bitrix Bitrix Site Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Bitrix Bitrix Site Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2005-1995 — CVSS 5.0 (medium): Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2)…
CVE-2005-1996 — CVSS 5.0 (medium): PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via…
CVE-2006-2476 — CVSS 5.0 (medium): Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to…
CVE-2006-2478 — CVSS 5.0 (medium): Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request…
CVE-2006-2479 — CVSS 5.0 (medium): The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers…
CVE-2006-2477 — CVSS 4.9 (medium): Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject…