CVE-2015-8358
published 2015-12-16

Priority: P357
Severity: critical, 9 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 6.96% (93.3th percentile)

Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.

Affected

1 range

Vendor   Product     Version range   Fixed in
bitrix   mpbuilder   <= 1.0.11

Detection & IOCs (extracted from sources)

path: /bitrix/admin/bitrix.mpbuilder_step2.php
path: admin/bitrix.mpbuilder_step2.php
  • Monitor HTTP POST requests to /bitrix/admin/bitrix.mpbuilder_step2.php containing directory traversal sequences (../) in the 'work[]' parameter, which is passed unsanitized to PHP's include() function.
  • Watch for CSRF-vectored exploitation: anonymous users may trigger the vulnerability against authenticated admins, so alert on unexpected POST requests to the vulnerable endpoint originating from cross-origin referrers.
  • Detect potential session-file-based PHP code execution: attackers may inject PHP code into their profile 'NAME' field (stored in session files) and then trigger inclusion of the session file via the traversal vulnerability to achieve RCE.
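
One way to implement the first two checks above over captured request records. This is an added example, not code from the advisory or from Bitrix; the record layout (method, url, host, referer, body), the tag names and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "admin/bitrix.mpbuilder_step2.php"  # path taken from the advisory

def has_traversal(text):
    # parse_qsl decodes once; decode again to catch double-encoded dots.
    parts = unquote(text).replace("\\", "/").split("/")
    return ".." in parts

def inspect_request(req):
    """Return finding tags for one parsed request record (dict)."""
    if req["method"].upper() != "POST":
        return []
    if not urlsplit(req["url"]).path.endswith(ENDPOINT):
        return []
    findings = []
    for key, value in parse_qsl(req.get("body", ""), keep_blank_values=True):
        if key.startswith("work["):
            # The advisory places the ".." in the element name: work[<name>]
            element = key[len("work["):].split("]", 1)[0]
            if has_traversal(element) or has_traversal(value):
                findings.append("traversal-in-work")
                break
    # Only a Referer that is present and names another host is flagged.
    referer_host = urlsplit(req.get("referer", "")).hostname
    if referer_host and referer_host != req["host"].split(":")[0].lower():
        findings.append("cross-origin-referer")
    return findings

def scan(records):
    return [(r["url"], tags) for r in records if (tags := inspect_request(r))]

# Constructed sample records (hypothetical hosts and values).
URL = "/bitrix/admin/bitrix.mpbuilder_step2.php"
SAMPLES = [
    {"method": "POST", "url": URL, "host": "cms.example.test",
     "referer": "https://cms.example.test/bitrix/admin/",
     "body": "work%5BNAME%5D=My+module&step=2"},
    {"method": "POST", "url": URL, "host": "cms.example.test",
     "referer": "https://other.example.net/page.html",
     "body": "work%5B..%2F..%2Fsome%2Ffile%5D=1"},
    {"method": "GET", "url": URL, "host": "cms.example.test",
     "referer": "", "body": ""},
    {"method": "POST", "url": URL, "host": "cms.example.test:443",
     "referer": "https://other.example.net/", "body": "work%5BNAME%5D=x"},
]

if __name__ == "__main__":
    for url, tags in scan(SAMPLES):
        print(url, tags)
```

Web server access logs normally omit POST bodies, so the records have to come from a WAF, reverse proxy or application-level request log that captures them.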