CVE-2022-27228: Input Validation
First published: Tue Mar 22 2022(Updated: )
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bitrix24 Bitrix24 | <21.0.100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Bitrix Site Manager vulnerability?
The vulnerability ID is CVE-2022-27228.
What is the severity level of CVE-2022-27228?
The severity level of CVE-2022-27228 is critical.
How can an attacker exploit CVE-2022-27228?
An attacker can exploit CVE-2022-27228 by executing arbitrary code remotely.
Which version of Bitrix Site Manager is affected by CVE-2022-27228?
Bitrix Site Manager version up to 21.0.100 is affected by CVE-2022-27228.
Is authentication required to exploit CVE-2022-27228?
No, authentication is not required to exploit CVE-2022-27228.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/weakness
- agent/description
- agent/tags
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- vendor/bitrix24
- canonical/bitrix24 bitrix24