Directory Traversal Vulnerability in Bitrix MPBuilder Module

CVE-2015-8358 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.

Learn more about our Web Application Penetration Testing UK.