VYPR

1C-Bitrix

by Bitrix

CVEs (2)

  • CVE-2025-67887 | Critical | May 8, 2026
    risk 0.64 | cvss 9.8 | epss 0.02

    1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for…

  • CVE-2022-43959 | Jan 20, 2023
    risk 0.00 | cvss | epss 0.01

    Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.