Known Vulnerabilities for products from Bitrix
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Bitrix".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-67887 json | Not Provided | 2026-05-08 | 2026-05-11 | |
| CVE-2024-34891 json | Not Provided | 2024-11-04 | 2026-07-05 | |
| CVE-2024-34887 json | Not Provided | 2024-11-04 | 2026-07-05 | |
| CVE-2024-34885 json | Not Provided | 2024-11-04 | 2026-07-05 | |
| CVE-2024-34883 json | Not Provided | 2024-11-04 | 2026-07-05 | |
| CVE-2024-34882 json | Not Provided | 2024-11-04 | 2026-07-05 | |
| CVE-2020-13758 json | modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950... | 6.1 - MEDIUM | 2020-06-01 | 2020-06-02 |
| CVE-2015-8358 json | Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to inc... | Not Provided | 2015-12-16 | 2026-05-06 |
| CVE-2015-8357 json | Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to ren... | Not Provided | 2015-12-16 | 2026-05-06 |
| CVE-2013-6788 json | The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, whi... | Not Provided | 2014-05-30 | 2026-05-06 |
| CVE-2006-2479 json | The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows re... | 5 - MEDIUM | 2006-05-19 | 2018-10-18 |
| CVE-2006-2478 json | Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP P... | 5 - MEDIUM | 2006-05-19 | 2018-10-18 |
| CVE-2006-2477 json | Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to... | 4.9 - MEDIUM | 2006-05-19 | 2018-10-18 |
| CVE-2006-2476 json | Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remot... | 5 - MEDIUM | 2006-05-19 | 2018-10-18 |
| CVE-2005-1996 json | PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrar... | Not Provided | 2005-06-15 | 2025-04-03 |
| CVE-2005-1995 json | Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php o... | Not Provided | 2005-06-15 | 2025-04-03 |