CVE-2022-50911

Sažetak

Bitrix24 contains an authenticated remote code execution vulnerability that allows logged-in attackers to execute arbitrary system commands through the PHP command line admin interface. Attackers can leverage the vulnerability by sending crafted POST requests to the administrative endpoint with system commands to execute code with the web application's privileges.

Reference

https://www.bitrix24.com/apps/desktop.php
https://www.exploit-db.com/exploits/50898
https://www.vulncheck.com/advisories/bitrix-remote-code-execution-rce-authenticated

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

13-01-2026 - 23:15

Objavljeno

13-01-2026 - 23:15