CVE-2006-2479

critical

Description

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26548

https://exchange.xforce.ibmcloud.com/vulnerabilities/26542

http://www.vupen.com/english/advisories/2006/1858

http://www.securityfocus.com/archive/1/434367/100/0/threaded

http://securityreason.com/securityalert/918

Details

Source: Mitre, NVD

Published: 2006-05-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00587