1C-Bitrix Remote Code Execution Vulnerability in Translate Module
Vulnerability
A remote code execution vulnerability exists in 1C-Bitrix versions through 25.100.500, specifically within the Translate Module. The issue arises because the application allows users with SOURCE and WRITE permissions to upload archive files that can include PHP scripts and .htaccess files. The module does not properly validate the contents of these archives before extraction, enabling the execution of arbitrary PHP code.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where 1C-Bitrix is hosted.
Reproduction
To reproduce this vulnerability, an account with SOURCE and WRITE permissions in the Translate Module is required. Once logged in, upload a malicious archive containing a PHP file and a crafted .htaccess file through the module's upload feature. After the archive is uploaded, extract its contents using the module's extraction function. Finally, access the uploaded PHP file through the web server to execute the injected code.
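The missing content validation described above can be illustrated with a pre-extraction audit; this is an added example, not 1C-Bitrix code. It assumes a tar archive, and the blocklist policy, function names and sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile

# Assumed policy (not from the advisory): refuse web-server override files and
# script extensions; tune to what the deployment's archives legitimately hold.
BLOCKED_NAMES = {".htaccess", ".user.ini", "web.config"}
BLOCKED_EXTS = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}

def check_member(member):
    """Return a rejection reason for one archive entry, or None if acceptable."""
    name = member.name.replace("\\", "/")
    norm = posixpath.normpath(name)
    if name.startswith("/") or norm == ".." or norm.startswith("../"):
        return "path escapes extraction directory"
    if not (member.isfile() or member.isdir()):
        return "links and special files are not allowed"
    base = posixpath.basename(norm).lower()
    if base in BLOCKED_NAMES:
        return "server configuration override file"
    # Test every dot-separated part so 'x.PHP' and 'x.php.txt' are both caught.
    if any("." + part in BLOCKED_EXTS for part in base.split(".")[1:]):
        return "executable script extension"
    return None

def audit_archive(data):
    """Return (entry, reason) for every entry that should block extraction."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        return [(m.name, r) for m in tar if (r := check_member(m))]

def build_sample(names):
    """Constructed input: an in-memory tar.gz with placeholder file bodies."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for n in names:
            info = tarfile.TarInfo(n)
            body = b"placeholder"
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample(["lang/en/ok.txt", "lang/en/.htaccess",
                           "lang/en/page.PHP", "../up.txt"])
    for entry, reason in audit_archive(sample):
        print(f"REJECT {entry}: {reason}")
```

Extraction should proceed only when `audit_archive` returns an empty list; rejecting the whole archive on any finding avoids partially extracted uploads.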
