Bitrix24Care

Vulnerability: CVE-2022-27228

Vulnerability: CVE-2022-27228.
Publication date: March 21, 2022.

Description:
Insufficient validation of user input allows a remote unauthenticated attacker to execute arbitrary code on a system. It can result in gaining control of the target system.

Solution:
Update the "Polls, Votes" (vote) module to 21.0.100 version.

Additional information:
We express our gratitude to Sergey Bliznyuk (Positive Technologies) for his help in finding the vulnerability.

Was this information helpful?
Optional:
Article feedback
Could you please tell us why:
Article feedback
Integration specialist assistance
Go to Bitrix24
Don't have an account? Create for free