Bitrix24 Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Bitrix24, allowing authenticated users to execute arbitrary system commands via the PHP command line administration interface. This vulnerability arises from missing authorization checks, enabling logged-in attackers to send crafted POST requests to the administrative endpoint and execute commands with the privileges of the web application.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where Bitrix24 is hosted.

Reproduction

To reproduce this vulnerability, log into Bitrix24 and navigate to the administrative PHP command line interface. Once there, send a POST request containing the desired system command to be executed. The command will be executed with the privileges of the web application, and the result can be retrieved from the command line interface.

Added: Jan 14, 2026, 12:25 AM
Updated: Jan 14, 2026, 12:25 AM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.