Vulnerability: CVE-2022-27228.
Publication date: March 21, 2022.
Description:
Insufficient validation of user input allows a remote unauthenticated attacker to execute arbitrary code on a system. It can result in gaining control of the target system.
Solution:
Update the "Polls, Votes" (vote) module to 21.0.100 version.
Additional information:
We express our gratitude to Sergey Bliznyuk (Positive Technologies) for his help in finding the vulnerability.
Bitrix24 has a new interface. The images in the articles might differ from the current account design. We will update them soon.
Vulnerability: CVE-2022-27228
Was this information helpful?
Integration specialist assistance
Get your Bitrix24 set up by local professionals

Don't have an account? Create for free