Vulnerabilities > Bitrix Project > Bitrix > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-14 | CVE-2015-8356 | SQL Injection vulnerability in Bitrix Project Bitrix Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | 6.0 |