Report

Version: 0.10.4
Scan date: 2024-05-29 19:25:11
Files analyzed: 67174 | Files infected: 738

/var/www/lesiak/lesia.ua/include/error_module_license.php

Size: 540.00 B Created: 2020-09-26 01:23:25 Modified: 2024-04-22 10:42:17 Dangers: 1
Description | Match

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

/var/www/lesiak/lesia.ua/site_hz/include/error_module_license.php

Size: 540.00 B Created: 2020-09-26 01:22:07 Modified: 2024-04-22 10:42:18 Dangers: 1
Description | Match

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

/var/www/lesiak/lesia.ua/site_hz/ajax/form.php

Size: 4.25 kB Created: 2020-09-26 01:22:07 Modified: 2024-04-22 10:42:19 Dangers: 1
Description | Match

Exploit execution Line: 31 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$url_sizes)

/var/www/lesiak/lesia.ua/bitrix/coupon_activation.php

Size: 16.28 kB Created: 2021-09-03 11:53:03 Modified: 2024-04-22 10:34:18 Dangers: 1
Description | Match

Exploit execution Line: 143 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/redsign/easycart/gopro/template.php

Size: 6.66 kB Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:19 Dangers: 4
Description | Match

Exploit execution Line: 32 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/viewed_products.php")

Exploit execution Line: 44 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/compare.php")

Exploit execution Line: 53 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/favorite.php")

Exploit execution Line: 62 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.product.subscribe.list/gopro/component_epilog.php

Size: 227.00 B Created: 2020-09-26 01:17:49 Modified: 2024-04-22 10:34:19 Dangers: 1
Description | Match

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/template_ext/catalog.section/gopro/component_epilog.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.product.subscribe.list/gopro/template.php

Size: 6.20 kB Created: 2020-09-26 01:17:49 Modified: 2024-04-22 10:34:19 Dangers: 1
Description | Match

Exploit execution Line: 151 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/template_ext/catalog.section/gopro/template.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.product.subscribe.list/gopro/result_modifier.php

Size: 318.00 B Created: 2020-09-26 01:17:49 Modified: 2024-04-22 10:34:19 Dangers: 1
Description | Match

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/template_ext/catalog.section/gopro/result_modifier.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/sale.order.ajax/gopro/props.php

Size: 5.08 kB Created: 2020-09-26 01:17:50 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/sale.order.ajax/gopro/related_props.php

Size: 471.00 B Created: 2020-09-26 01:17:50 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/news.detail/brands/component_epilog.php

Size: 301.00 B Created: 2020-09-26 01:17:50 Modified: 2024-04-22 10:34:20 Warns: 1
Description | Match

Exploit double_var2 Line: 7 Warning

Double var technique is usually used for the obfuscation of malicious code

${$filterName}

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.smart.filter/gopro/ajax.php

Size: 1.05 kB Created: 2020-09-26 01:17:50 Modified: 2024-04-22 10:34:20 Warns: 1
Description | Match

Exploit double_var2 Line: 17 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/sale.basket.basket/rs_easycart/template.php

Size: 657.00 B Created: 2020-09-26 01:17:49 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 10 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$templateFolder.'/basket_items.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/component_epilog.php

Size: 410.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/component_epilog.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/.parameters.php

Size: 189.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 4 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/template.php

Size: 3.06 kB Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 101 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/template.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/result_modifier.php

Size: 448.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/result_modifier.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/lang/ru/.parameters.php

Size: 124.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/ru/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/lang/ru/template.php

Size: 121.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/ru/template.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/lang/en/.parameters.php

Size: 124.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/en/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/lang/en/template.php

Size: 121.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/en/template.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.gift.main.products/main/template.php

Size: 6.74 kB Created: 2020-09-26 01:18:18 Modified: 2024-04-22 10:34:28 Dangers: 2
Description | Match

Exploit clever_include Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"], "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"], "CURRENCY_ID" => $arParams["CURRENCY_ID"], "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"], "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""), "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""), "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""), "OFFER_ADD_PICT_PROP" => (isset($arPara...

Exploit clever_include Line: 78 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"],
"TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""),
"ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""),
"LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""),
...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/news.detail/news/component_epilog.php

Size: 46.99 kB Created: 2021-11-20 12:57:52 Modified: 2024-04-22 10:34:28 Dangers: 1
Description | Match

Exploit execution Line: 1285 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/component_epilog.php

Size: 68.33 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1404 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1532 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/template.php

Size: 89.22 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1623 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1395 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1481 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/template.php

Size: 90.81 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1619 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1396 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1482 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/template.php

Size: 90.38 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1611 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main/component_epilog.php

Size: 62.38 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1395 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1481 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main/template.php

Size: 89.71 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1660 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main5/component_epilog.php

Size: 66.25 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1396 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1482 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main5/template.php

Size: 91.74 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1633 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main5/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.basket.basket/top_hover/template.php

Size: 5.98 kB Created: 2021-11-20 12:57:55 Modified: 2024-04-22 10:34:29 Dangers: 3
Description | Match

Exploit execution Line: 35 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

Exploit execution Line: 51 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 55 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.basket.basket/fly/template.php

Size: 12.60 kB Created: 2021-11-20 12:57:55 Modified: 2024-04-22 10:34:29 Dangers: 3
Description | Match

Exploit execution Line: 125 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 129 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

Exploit execution Line: 81 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.comments/main/bitrix/blog.post.comment/adapt/template.php

Size: 30.93 kB Created: 2020-09-26 01:18:16 Modified: 2024-04-22 10:34:30 Dangers: 2
Description | Match

Exploit execution Line: 197 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

Exploit execution Line: 20 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.comments/catalog/bitrix/blog.post.comment/adapt/template.php

Size: 34.00 kB Created: 2021-03-01 14:07:48 Modified: 2024-04-22 10:34:30 Dangers: 2
Description | Match

Exploit execution Line: 25 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 263 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/search.form/top/template.php

Size: 611.00 B Created: 2020-09-26 01:18:16 Modified: 2024-04-22 10:34:30 Dangers: 1
Description | Match

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/search.title.catalog2.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/public/ru/include/error_module_license.php

Size: 540.00 B Created: 2020-09-26 01:18:14 Modified: 2024-04-22 10:34:30 Dangers: 1
DescriptionMatch

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/public/ru/ajax/form.php

Size: 4.83 kB Created: 2021-03-01 14:07:48 Modified: 2024-04-22 10:34:30 Dangers: 1
DescriptionMatch

Exploit execution Line: 33 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$url_sizes)

/var/www/lesiak/lesia.ua/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/download/download.php

Size: 2.02 kB Created: 2020-09-26 01:17:48 Modified: 2024-04-22 10:34:32 Dangers: 2
DescriptionMatch

Exploit execution Line: 36 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

Exploit execution Line: 72 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/404.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/download/download_private/download_private.php

Size: 3.58 kB Created: 2020-09-26 01:17:48 Modified: 2024-04-22 10:34:32 Dangers: 1
DescriptionMatch

Exploit execution Line: 129 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/404.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/download/download_balance.php

Size: 2.91 kB Created: 2020-09-26 01:17:48 Modified: 2024-04-22 10:34:32 Dangers: 2
DescriptionMatch

Exploit execution Line: 50 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

Exploit execution Line: 98 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/404.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/bitrix/demo/scripts/template.php

Size: 15.72 kB Created: 2020-09-26 01:17:48 Modified: 2024-04-22 10:34:33 Warns: 1
DescriptionMatch

Function eval Line: 462 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(response);
            }

            CAjaxForm.prototype.ShowError = function(errorMessage)
            {
                var errorContainer = document.getElementById("error_container");
                var errorText = document.getElementById("error_text");
                if (!errorContainer || !errorText)
                    return;

                var waitWindow = document.getElementById("wait");
                if (waitWindow)
                    waitWindow.style.display = "none";

                errorContainer.style.display = 'block';
                errorText.innerHTML = strip_tags(errorMessage);

                var retryButton = ...

/var/www/lesiak/lesia.ua/bitrix/admin/cat_section_admin.php

Size: 129.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_section_admin.php")

/var/www/lesiak/lesia.ua/bitrix/admin/cat_product_admin.php

Size: 129.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_element_admin.php")

/var/www/lesiak/lesia.ua/bitrix/admin/cat_product_edit.php

Size: 128.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_element_edit.php")

/var/www/lesiak/lesia.ua/bitrix/admin/cat_product_list.php

Size: 126.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_list_admin.php")

/var/www/lesiak/lesia.ua/bitrix/admin/cat_section_edit.php

Size: 128.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_section_edit.php")

/var/www/lesiak/lesia.ua/bitrix/managed_cache/MYSQL/b_option/50/50e86f69102f2636b841acbcfd284541.php

Size: 1.09 kB Created: 2020-12-23 20:17:44 Modified: 2024-04-22 10:34:36 Dangers: 1
DescriptionMatch

Sign b236d073 Line: 5 Dangerous

Malware Signature (hash: b236d073)

/*;*/

/var/www/lesiak/lesia.ua/bitrix/managed_cache/MYSQL/security/site_checker/fe/fe281fe196231c8d5d04f39a286c1fd5.php

Size: 18.30 kB Created: 2020-12-23 19:26:32 Modified: 2024-04-22 10:34:36 Dangers: 1
DescriptionMatch

Sign 7186bb8d Line: 16 Dangerous

Malware Signature (hash: 7186bb8d)

rwxrwxrwx

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/index.php

Size: 21.20 kB Created: 2021-09-03 11:54:16 Modified: 2024-04-22 10:34:46 Dangers: 1
DescriptionMatch

Exploit execution Line: 456 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/blog/install/events/set_events.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_old_version/bitrix/blog.post.comment/.default/template.php

Size: 21.48 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:46 Dangers: 1
DescriptionMatch

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_old_version/bitrix/blog.post.edit/.default/template.php

Size: 24.73 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:46 Dangers: 1
DescriptionMatch

Exploit execution Line: 369 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/template.php

Size: 21.26 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:47 Dangers: 1
DescriptionMatch

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/script.php

Size: 11.35 kB Created: 2020-09-26 01:20:22 Modified: 2024-04-22 10:34:47 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(thetag + "_open");

    if (tagOpen == 0)
    {
        if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
        {
            eval(thetag + "_open = 1");
            // Change the button status

            pushstack(bbtags, thetag);
            cstat();
        }
    }
    else
    {
        // Find the last occurance of the opened tag
        lastindex = 0;

        for (i = 0; i < bbtags.length; i++ )
        {
            if ( bbtags[i] == thetag )
            {
                lastindex = i;
            }
        }

        // Close all tags opened up to that tag was opened
        while (bbtags[lastindex])
        {
            tagR...

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/template.php

Size: 23.17 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:47 Dangers: 1
DescriptionMatch

Exploit execution Line: 367 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/script.php

Size: 22.93 kB Created: 2020-09-26 01:20:22 Modified: 2024-04-22 10:34:47 Warns: 1
DescriptionMatch

Function eval Line: 97 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(thetag + "_open");

    if (tagOpen == 0)
    {
        if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
        {
            eval(thetag + "_open = 1");
            // Change the button status

            pushstack(bbtags, thetag);
            cstat();
        }
    }
    else
    {
        // Find the last occurance of the opened tag
        lastindex = 0;

        for (i = 0; i < bbtags.length; i++ )
        {
            if ( bbtags[i] == thetag )
            {
                lastindex = i;
            }
        }

        // Close all tags opened up to that tag was opened
        while (bbtags[lastindex])
        {
            tagR...

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.comment/templates/.default/scripts_for_editor.php

Size: 15.25 kB Created: 2020-09-26 01:20:15 Modified: 2024-04-22 10:34:47 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(scripts[s].JS);
                        }
                    }

                    BX.ajax.processScripts(scripts, true);
//                    commentEr object may be set in template
                    if(window.commentEr && window.commentEr == "Y")
                    {
                        BX('err_comment_'+this.id[1]).innerHTML = data;
                    }
                    else
                    {
                        if(BX('edit_id').value > 0)
                        {
                            var commentId = 'blg-comment-'+this.id[1];
                            if(BX(commentId))
                            {
                                var newComment = BX.create('div',{'html':data});    // tmp container for data
//                                paste resp...

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.comment/templates/.default/template.php

Size: 30.03 kB Created: 2021-03-31 19:52:23 Modified: 2024-04-22 10:34:47 Dangers: 3
DescriptionMatch

Exploit execution Line: 134 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/neweditor.php")

Exploit execution Line: 23 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 24 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/scripts_for_editor.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.edit/templates/.default/template.php

Size: 21.56 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:47 Dangers: 1
DescriptionMatch

Exploit execution Line: 242 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/neweditor.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.edit/templates/.default/script.php

Size: 26.06 kB Created: 2020-09-26 01:20:23 Modified: 2024-04-22 10:34:47 Warns: 1
DescriptionMatch

Function eval Line: 140 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(thetag + "_open");

    if (tagOpen == 0)
    {
        if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
        {
            eval(thetag + "_open = 1");
            // Change the button status

            pushstack(bbtags, thetag);
            cstat();
        }
    }
    else
    {
        // Find the last occurance of the opened tag
        lastindex = 0;

        for (i = 0; i < bbtags.length; i++ )
        {
            if ( bbtags[i] == thetag )
            {
                lastindex = i;
            }
        }

        // Close all tags opened up to that tag was opened
        while (bbtags[lastindex])
        {
            tagR...

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.edit/templates/micro/template.php

Size: 4.44 kB Created: 2021-03-31 19:52:22 Modified: 2024-04-22 10:34:47 Dangers: 1
DescriptionMatch

Exploit execution Line: 69 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.comment.list/templates/.default/template.php

Size: 3.61 kB Created: 2020-09-26 01:20:15 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/reports/invoice.php

Size: 252.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/reports/invoice.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/reports/factura.php

Size: 252.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/reports/factura.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/reports/waybill.php

Size: 252.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/reports/waybill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/reports/order_form.php

Size: 258.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/reports/order_form.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/general/sale_report_helper.php

Size: 110.73 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:48 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 972 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/install/version.php")

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( 'function ___dbCastIntToChar($dbtype, $param)'.'{'.'   $result = $param;'.'   if (ToLower($dbtype) === "mssql")'.'   {'.'       $result = "CAST(".$param." AS VARCHAR)";'.'   }'.'   return $result;'.'}' ); } if (self::$bUsePriceTypesColumns) { foreach (self::$priceTypes as $id => $info) { if ($info['selected'] === true) { $fieldName = 'PRICE_TYPE_'.$id; $runtime[$fieldName] = array( 'data_type' => 'string', 'expression' => array('
                (SELECT '
.$DB->Concat(___dbCastIntToChar($DBType...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/general/discount.php

Size: 54.51 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:48 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('$checkOrder='.$strUnpack.';'); if (!is_callable($checkOrder)) return false; $boolRes = $checkOrder($arOrder); unset($checkOrder); return $boolRes; } protected static function __ApplyActions(&$arOrder, $strActions) { $applyOrder = null; if (!empty($strActions)) { eval('$applyOrder='.$strActions.';'); if (is_callable($applyOrder)) $applyOrder($arOrder); } } protected static function __ConvertOldFormat($strAction, &$arFields) { global $APPLICATION; $arMsg = array(); $boolResult = true; $arNee...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/russianpost/country.php

Size: 203.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/russianpost/country.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_kaz_post.php

Size: 199.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_kaz_post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_russianpost.php

Size: 205.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_russianpost.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_rus_post.php

Size: 199.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_rus_post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_pecom.php

Size: 193.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_pecom.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_ua_post.php

Size: 197.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_ua_post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_ems.php

Size: 189.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_ems.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_cpcr.php

Size: 191.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_cpcr.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/cpcr/cities.php

Size: 187.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/cpcr/cities.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/cpcr/locations.php

Size: 193.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/cpcr/locations.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_rus_post_first.php

Size: 211.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_rus_post_first.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/include.php

Size: 21.05 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 197 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/include.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/handlers/paysystem/yandex/lang/en/.description.php

Size: 2.62 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:49 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system (scid)"; $MESS["SALE_HPS_YANDEX_SCID_DESC"] = "Showcase identifier in payment collector system (scid)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/handlers/paysystem/yandexinvoice/lang/en/.description.php

Size: 952.00 B Created: 2020-09-26 01:20:37 Modified: 2024-04-22 10:34:49 Warns: 1
DescriptionMatch

Function system Line: 3 Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system (ShopID)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/delivery/extra_services/manager.php

Size: 17.44 kB Created: 2021-11-19 17:07:44 Modified: 2024-04-22 10:34:49 Dangers: 1
DescriptionMatch

Exploit nano Line: 254 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$params["CLASS_NAME"]($params["ID"], $params, $currency, $value, $additionalParams)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/location/migration/migrate.php

Size: 54.00 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:49 Dangers: 1
DescriptionMatch

Exploit execution Line: 1090 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/sale/lang/'.$item['LID'].'/lib/location/migration/migrate.php')

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/location/import/compiler/compiler.php

Size: 75.72 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:49 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system('cp '.$workDir.self::STATIC_CSV_DIR.'externalservice.csv '.$workDir.'/'.self::OUTPUT_DIR); system('cp '.$workDir.self::STATIC_CSV_DIR.'type.csv '.$workDir.'/'.self::OUTPUT_DIR); } private $currentParentGroup = ''; private function addItemToCSV($fName, $group, $item) { $data = array( 'CODE' => $item['CODE'], 'PARENT_CODE' => $item['PARENT_CODE'], 'TYPE_CODE' => $item['TYPE_CODE'] ); $data['NAME.RU.NAME'] = ''; $data['NAME.EN.NAME'] = ''; $data['NAME.UA.NAME'] = ''; $name = unserialize($ite...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/internals/conversionhandlers.php

Size: 13.14 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Exploit infected_comment Line: 282 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

/*array*/

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/internals/product.php

Size: 12.27 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( 'function ___dbCastIntToChar($dbtype, $param)'.'{'.'   $result = $param;'.'   if (ToLower($dbtype) === "mssql")'.'   {'.'       $result = "CAST(".$param." AS VARCHAR)";'.'   }'.'   return $result;'.'}' ); } $fieldsMap = array( 'ID' => array( 'data_type' => 'integer', 'primary' => true ), 'TIMESTAMP_X' => array( 'data_type' => 'integer' ), 'DATE_UPDATED' => array( 'data_type' => 'datetime', 'expression' => array( $DB->datetimeToDateFunction('%s'), 'TIMESTAMP_X', ) ), 'QUANTITY' => a...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/discount/preset/basepreset.php

Size: 23.97 kB Created: 2021-11-19 17:07:47 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { $isPost = $this->request->isPost(); $stepName = $this->getStepName(); $state = $this->getState(); if($stepName === $this->getFirstStepName() && !$isPost && $this->isDiscountEditing()) { $state = $this->generateState($this->discount); } if($this->isRunningPrevStep()) { $stepName = $state->getPrevStep(); } if($isPost && !$this->isRunningPrevStep()) { list($state, $nextStep) = $this->runStep($stepName, $state, self::MODE_SAVE); if($stepName != $nextStep) { $state->addStepChain($stepName); ...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/discountbase.php

Size: 155.68 kB Created: 2021-09-03 11:54:11 Modified: 2024-04-22 10:34:50 Warns: 1 Dangers: 1
DescriptionMatch

Exploit nano Line: 2282 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$discount[$executeKey]($this->orderData)

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($evalCode); } catch (\ParseError $e) { $this->showAdminError(); } } else { eval($evalCode); } unset($evalCode); if (!is_callable($checkOrder)) return false; $result = $checkOrder($this->orderData); unset($checkOrder); } else { if (!is_callable($discountLink[$executeKey])) return false; $result = $discountLink[$executeKey]($this->orderData); } unset($discountLink); return $result; } protected function applySaleDiscount() { $result = new Result; Discount\Actions::clearApplyCounter(); $discoun...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/compatible/discountcompatibility.php

Size: 44.44 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('$applyProduct='.$orderApplication.';'); if (is_callable($applyProduct)) $applyProduct($fields); unset($applyProduct); if (!empty($fields['DISCOUNT_RESULT'])) { self::$discountResult['BASKET'][$code][$index]['RESULT']['DESCR_DATA'] = $fields['DISCOUNT_RESULT']['BASKET']; self::$discountResult['BASKET'][$code][$index]['RESULT']['DESCR'] = self::formatDescription($fields['DISCOUNT_RESULT']); } unset($fields['DISCOUNT_RESULT']); } unset($orderApplication); } unset($discount, $index); return tr...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/z_payment_result.php

Size: 290.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/z_payment_result.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/ru/z_payment.php

Size: 207.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/ru/z_payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/en/z_payment.php

Size: 207.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/en/z_payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank_new/payment.php

Size: 278.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank_new/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank_new/.description.php

Size: 288.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank_new/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paycash/payment.php

Size: 268.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paycash/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paycash/.description.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paycash/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paycash/ru/paycash.php

Size: 199.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paycash/ru/paycash.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paycash/en/paycash.php

Size: 199.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paycash/en/paycash.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_de/payment.php

Size: 275.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/de/payment/bill_de/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_de/.description.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/de/payment/bill_de/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_de/ru/bill.php

Size: 194.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/de/payment/bill_de/ru/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_de/en/bill.php

Size: 193.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/de/payment/bill_de/en/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/payflow_pro/payment.php

Size: 9.77 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($ret_com, $arOutput, $ret_var); $strOutput = $arOutput[0]; parse_str($strOutput, $arResult); if (is_array($arResult) && strlen($arResult["RESULT"])>0) { $arFields = array( "PS_STATUS" => (($arResult["RESULT"]==0) ? "Y" : "N"), "PS_STATUS_CODE" => $arResult["RESULT"], "PS_STATUS_DESCRIPTION" => $arResult["RESPMSG"]." - ".$arResult["PREFPSMSG"], "PS_STATUS_MESSAGE" => $arResult["PNREF"], "PS_RESPONSE_DATE" => Date(CDatabase::DateFormatToPHP(CLang::GetDateFormat("FULL", LANG))) ); $arResult["R...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/payflow_pro/action.php

Size: 5.77 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($ret_com, $arOutput, $ret_var); $strOutput = $arOutput[0]; parse_str($strOutput, $arResult); if (is_array($arResult) && strlen($arResult["RESULT"])>0) { $OUTPUT_STATUS = (($arResult["RESULT"] == 0) ? "Y" : "N"); $OUTPUT_STATUS_CODE = $arResult["RESULT"]; $OUTPUT_STATUS_DESCRIPTION = $arResult["RESPMSG"]." - ".$arResult["PREFPSMSG"]; $OUTPUT_STATUS_MESSAGE = $arResult["PNREF"]; $OUTPUT_SUM = $INPUT_SUM; $OUTPUT_CURRENCY = "USD"; $OUTPUT_RESPONSE_DATE = Date(CDatabase::DateFormatToPHP(CLang::...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/payflow_pro/pre_payment.php

Size: 8.22 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($ret_com, $arOutput, $ret_var); $strOutput = $arOutput[0]; parse_str($strOutput, $arResult); if (is_array($arResult) && strlen($arResult["RESULT"])>0) { $arPaySysResult = array( "PS_STATUS" => (($arResult["RESULT"] == 0) ? "Y" : "N"), "PS_STATUS_CODE" => $arResult["RESULT"], "PS_STATUS_DESCRIPTION" => $arResult["RESPMSG"]." - ".$arResult["PREFPSMSG"], "PS_STATUS_MESSAGE" => $arResult["PNREF"], "PS_SUM" => $AMT, "PS_CURRENCY" => "USD", "PS_RESPONSE_DATE" => Date(CDatabase::DateFormatToPHP(CL...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/kreditpilot/payment.php

Size: 276.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/kreditpilot/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/kreditpilot/.description.php

Size: 286.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/kreditpilot/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/kreditpilot/ru/payment.php

Size: 207.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/kreditpilot/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/kreditpilot/en/payment.php

Size: 207.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/kreditpilot/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/oshadbank/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/oshadbank/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/oshadbank/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/oshadbank/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/mcsecure/payment.php

Size: 270.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/mcsecure/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/mcsecure/.description.php

Size: 280.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/mcsecure/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/mcsecure/ru/payment.php

Size: 201.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/mcsecure/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/mcsecure/en/payment.php

Size: 201.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/mcsecure/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/liqpay/result_rec.php

Size: 1.32 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 20 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['operation_xml'])

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney/payment.php

Size: 270.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney/.description.php

Size: 280.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney/ru/webmoney.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney/ru/webmoney.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney/en/webmoney.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney/en/webmoney.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/worldpay/.description.php

Size: 3.63 kB Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

System (via http://www.worldpay.com/admin). In the new window that "; $psDescription .= "opens you will need to scroll down to the section headed Installations and select the Configuration options button corresponding to the instId you are using.<br>"; $psDescription .= "You need to complete the following settings:<br>"; $psDescription .= "- <b>Callback URL</b><br>This should be set to the complete address to your callback URL (this file), hosted on your server.<br>"; $psDescription .= "You shou...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank/payment.php

Size: 270.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank/.description.php

Size: 280.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank/ru/sberbank.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank/ru/sberbank.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank/en/sberbank.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank/en/sberbank.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/post/payment.php

Size: 262.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/post/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/post/.description.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/post/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/post/ru/post.php

Size: 187.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/post/ru/post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/post/en/post.php

Size: 187.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/post/en/post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/binom/payment.php

Size: 264.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/binom/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/binom/.description.php

Size: 274.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/binom/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/binom/ru/payment.php

Size: 195.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/binom/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/binom/en/payment.php

Size: 195.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/binom/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill/payment.php

Size: 269.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill/.description.php

Size: 272.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill/ru/bill.php

Size: 188.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill/ru/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill/en/bill.php

Size: 187.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill/en/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/payment.php

Size: 273.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/result_rec.php

Size: 279.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/ru/payment.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/en/payment.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/result.php

Size: 270.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/result.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_la/payment.php

Size: 275.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/la/payment/bill_la/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_la/.description.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/la/payment/bill_la/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_la/en/bill.php

Size: 193.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/la/payment/bill_la/en/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_la/la/bill.php

Size: 194.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/la/payment/bill_la/la/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/payment.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/result_rec.php

Size: 284.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/.description.php

Size: 288.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/ru/webmoney_web.php

Size: 219.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/ru/webmoney_web.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/en/webmoney_web.php

Size: 219.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/en/webmoney_web.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/payment.php

Size: 278.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/result_rec.php

Size: 284.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/.description.php

Size: 288.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/ru/webmoney_pci.php

Size: 219.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/ru/webmoney_pci.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/en/webmoney_pci.php

Size: 219.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/en/webmoney_pci.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/result.php

Size: 276.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/result.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/payment.php

Size: 266.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/result_rec.php

Size: 272.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/.description.php

Size: 276.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/ru/payment.php

Size: 197.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/en/payment.php

Size: 197.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/result_rec.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/ru/webmoney_web.php

Size: 207.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/ru/paymaster.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/en/paymaster.php

Size: 207.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/en/paymaster.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_ua/payment.php

Size: 275.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill_ua/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_ua/.description.php

Size: 278.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill_ua/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_ua/ru/bill.php

Size: 194.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill_ua/ru/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_ua/en/bill.php

Size: 193.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill_ua/en/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/result_rec.php

Size: 278.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/ru/payment.php

Size: 203.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/en/payment.php

Size: 203.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/impexbank/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/impexbank/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/impexbank/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/impexbank/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/impexbank/ru/impexbank.php

Size: 207.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/impexbank/ru/impexbank.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/impexbank/en/impexbank.php

Size: 207.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/impexbank/en/impexbank.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/crm.php

Size: 22.35 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 426 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/.access.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/yandexinvoice_settings.php

Size: 9.31 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:51 Warns: 2
DescriptionMatch

Function proc_close Warning

Potentially dangerous function `proc_close`

[https://www.php.net/proc_close]

proc_close($process); $dbRes = \Bitrix\Sale\Internals\YandexSettingsTable::getById($shopId); if ($dbRes->fetch()) \Bitrix\Sale\Internals\YandexSettingsTable::update($shopId, array('PKEY' => $privateKey)); else \Bitrix\Sale\Internals\YandexSettingsTable::add(array('SHOP_ID' => $shopId'PKEY' => $privateKey)); } else { $errorMsg Loc::getMessage('SALE_YANDEX_INVOICE_SETTINGS_ALREADY_CONFIGURED'); } if ($errorMsg === '') { $redirectUrl $APPLICATION->GetCurPage()."?pay_system_id=".$id."&lang=".L...

Function proc_open Warning

Potentially dangerous function `proc_open`

[https://www.php.net/proc_open]

proc_open($command$descriptorSpec$pipes); $privateKey stream_get_contents($pipes[1]); $return_value proc_close($process); $dbRes = \Bitrix\Sale\Internals\YandexSettingsTable::getById($shopId); if ($dbRes->fetch()) \Bitrix\Sale\Internals\YandexSettingsTable::update($shopId, array('PKEY' => $privateKey)); else \Bitrix\Sale\Internals\YandexSettingsTable::add(array('SHOP_ID' => $shopId'PKEY' => $privateKey)); } else { $errorMsg Loc::getMessage('SALE_YANDEX_INVOICE_SETTINGS_ALREADY_CONFIG...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/order_new.php

Size: 274.77 kB Created: 2021-09-03 11:54:47 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+res+')' );

            if (rss["status"] == "ok")
            {
                BX('CART_FIX').value'N';

                var userEl BX("user_id");
                var orderID '<?=$ID?>';

                locationID rss["location_id"];
                locationZipID rss["location_zip_id"];

                insertHtmlResult(document.getElementById("buyer_type_change"), rss['buyertype']);
                insertHtmlResult(document.getElementById("buyer_type_delivery"), rss['buyerdelivery']);

                <?if(CSaleLocation::isLocationProEnabled()):?>
                    initZipHandling();
                <?endif?...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/location_edit.php

Size: 21.05 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("document.fform.COUNTRY_ID");
                CHANGE_COUNTRY = eval("document.fform.CHANGE_COUNTRY");

                <?if ($ID>0):?>
                if (parseInt(COUNTRY_LIST.selectedIndex)==0)
                {
                    CHANGE_COUNTRY.checked = false;
                }
                <?endif;?>

                if (parseInt(COUNTRY_LIST.selectedIndex)==0 <?if ($ID>0) echo "|| CHANGE_COUNTRY.checked";?>)
                {
                    SetEnabled(true);
                }
                else
                {
                    SetEnabled(false);
                }
            }
            </script>

            <select name="COUNTRY_ID" OnChange="SetContact()">
                <option value="...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/1c_admin_profile.php

Size: 16.48 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("var cur_type = ''; if (typeof(param_" pkey "_type_" ind ") == 'string') cur_type = param_" pkey "_type_" ind ";");
    eval("var cur_val = ''; if (typeof(param_" pkey "_value_" ind ") == 'string') cur_val = param_" pkey "_value_" ind ";");
    eval("var cur_name = ''; if (typeof(param_" pkey "_name_" ind ") == 'string') cur_name = param_" pkey "_name_" ind ";");

    if(cur_name.length 0)
    {
        num pkey.substr(pkey.lastIndexOf('_')+1);
        src BX("...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/buyers.php

Size: 16.08 kB Created: 2021-09-03 11:54:47 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Exploit infected_comment Line: 518 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

/*BUYER*/

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/discount_preset_list.php

Size: 13.95 kB Created: 2021-11-19 17:07:47 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Exploit infected_comment Line: 50 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

/*close*/

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/report_construct.php

Size: 22.89 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('('+res+')');
                                        filters BX.findChildren(filterContainer, {class: 'sale-report-site-dependent'}, true);
                                        for(i in filters)
                                        {
                                            if (filters[i].tagName == 'SELECT')
                                            {
                                                filterType filters[i].getAttribute('tid');
                                                if (filterType)
                                                {
                                                    fRewriteSelectFromArray(filters[i], res[filterType], '');
                                                }
                                                filters[i].value '';
                                            }
                                        }
                                    }
                                }
                                function ...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/ymarket.php

Size: 21.94 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+result+')' );
                                BX('https_check_result_<?=CUtil::JSEscape($SITE_ID)?>').innerHTML '&nbsp;' res['text'];

                                BX.removeClass(BX('https_check_result_<?=CUtil::JSEscape($SITE_ID)?>'), 'https_check_success');
                                BX.removeClass(BX('https_check_result_<?=CUtil::JSEscape($SITE_ID)?>'), 'https_check_fail');

                                if (res['status'] == 'ok')
                                    BX.addClass(BX('https_check_result_<?=CUtil::JSEscape($SITE_ID)?>'), 'https_check_success');
                                else
                                    BX.addClas...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/discount_edit.php

Size: 30.96 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:51 Dangers: 2
DescriptionMatch

Exploit execution Line: 143 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['CONDITIONS'])

Exploit execution Line: 188 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['ACTIONS'])

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/delivery.php

Size: 11.61 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("document.find_form.filter_lang");
                filter_order_price_from = eval("document.find_form.filter_order_price_from");
                filter_order_price_to = eval("document.find_form.filter_order_price_to");
                f_currency = eval("document.find_form.f_currency");

                var iesum;
                if (parseInt(filter_lang.selectedIndex)==0)
                {
                    filter_order_price_from.disabled true;
                    filter_order_price_to.disabled true;
                    f_currency.value "";
                }
                else
                {
                    filter_order_price_from.disa...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/affiliate_calc.php

Size: 13.27 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 235 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_admin_after.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/affiliate_plan_edit.php

Size: 23.84 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("document.form1.MODULE_ID_" cnt);
                if (!m)
                    return;

                if (m[m.selectedIndex].value == "catalog")
                    ShowHideSectionBox(cnttrue);
                else
                    ShowHideSectionBox(cntfalse);
            }


            var itm_id = new Object();
            var itm_name = new Object();

            function ChlistIBlock(cntn_id)
            {
                var max_lev itm_lev;
                var nex document.form1["SECTION_SELECTOR_LEVEL_" cnt "[0]"];
                var iBlock = eval("document.form1.SECTION_IBLOCK_ID_" cnt);
                var iBlockID iBlock[iBl...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/stat_graph_money.php

Size: 9.79 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 115 Warning

Double var technique is usually used for the obfuscation of malicious code

${$filterLine}

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/report_view.php

Size: 23.12 kB Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('('+res+')');
                                        filters BX.findChildren(filterContainer, {class: 'sale-report-site-dependent'}, true);
                                        for(i in filters)
                                        {
                                            if (filters[i].tagName == 'SELECT')
                                            {
                                                filterType filters[i].getAttribute('tid');
                                                if (filterType)
                                                {
                                                    fRewriteSelectFromArray(filters[i], res[filterType], '');
                                                }
                                            }
                                        }
                                    }
                                }
                                function fRewriteSelectFromArray(selectdat...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/order_detail.php

Size: 152.97 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 1366 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$customOrderView)

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+res+')' );
                                                BX.closeWait();

                                                if (!!rs.STATUS_ERR && true == rs.STATUS_ERR)
                                                {
                                                    var obStatusErr BX('change_status_err');
                                                    if (!!obStatusErr)
                                                    {
                                                        obStatusErr.innerHTML rs.STATUS_ERR_MESS;
                                                        obStatusErr.style.display 'inline-block';
                                                    }
                                                }
                                                else
                                                {
                                                    if (BX('date_status_change') && rs['DATE_STATUS'] && rs['DATE_STATUS'].length 0)
            ...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/options.php

Size: 94.04 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 248 Warning

Double var technique is usually used for the obfuscation of malicious code

${$name}

/var/www/lesiak/lesia.ua/bitrix/modules/sale/ru/payment/yandex_3x/ru/payment.php

Size: 3.10 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:53 Warns: 1
DescriptionMatch

Function eval Line: 66 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+result+')' );
                BX('https_check_result').innerHTML '&nbsp;' res['text'];

                BX.removeClass(BX('https_check_result'), 'https_check_success');
                BX.removeClass(BX('https_check_result'), 'https_check_fail');

                if (res['status'] == 'ok')
                    BX.addClass(BX('https_check_result'), 'https_check_success');
                else
                    BX.addClass(BX('https_check_result'), 'https_check_fail');
            });
        };
        checkHTTPS()

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.order.full/templates/.default/template.php

Size: 5.19 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:53 Dangers: 7
DescriptionMatch

Exploit execution Line: 69 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step1.php")

Exploit execution Line: 6 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/auth.php")

Exploit execution Line: 71 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step2.php")

Exploit execution Line: 73 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step3.php")

Exploit execution Line: 75 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step4.php")

Exploit execution Line: 77 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step5.php")

Exploit execution Line: 79 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step6.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.bsm.site.master/tools/pushchecker.php

Size: 2.20 kB Created: 2020-09-26 01:20:34 Modified: 2024-04-22 10:34:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 114 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.bsm.site.master/tools/modulechecker.php

Size: 3.04 kB Created: 2020-09-26 01:20:34 Modified: 2024-04-22 10:34:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 119 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.basket.order.ajax/component.php

Size: 38.65 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:54 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 556 Dangerous

Malware Signature (hash: 11413268)

eVal($_POST

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.basket.order.ajax/templates/.default/template.php

Size: 5.77 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:54 Dangers: 7
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_confirm.php")

Exploit execution Line: 27 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

Exploit execution Line: 28 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items_delay.php")

Exploit execution Line: 29 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items_notavail.php")

Exploit execution Line: 30 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items_subscribe.php")

Exploit execution Line: 44 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_person_type.php")

Exploit execution Line: 45 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_props.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.location.selector.system/templates/.default/template.php

Size: 17.99 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:55 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system(<?=CUtil::PhpToJSObject(array( 'scope' => 'slss-'.intval($arResult['RANDOM_TAG']), 'source' => $component->getPath().'/get.php''query' => array( 'BEHAVIOUR' => array( 'LANGUAGE_ID' => LANGUAGE_ID ), ), 'editUrl' => '?'.implode('&'$urlComponents), 'parentTagId' => intval($arResult['RANDOM_TAG']), 'useCodes' => $arResult['USE_CODES'], 'types' => $arResult['TYPES'], 'startSearchLen' => $component::START_SEARCH_LEN'pageSize' => $component::PAGE_SIZE'hugeTailLen' => $component::HUGE_TA...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.ajax.delivery.calculator/templates/input/ajax.php

Size: 864.00 B Created: 2020-09-26 01:20:31 Modified: 2024-04-22 10:34:55 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 15 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.ajax.delivery.calculator/templates/.default/ajax.php

Size: 0.99 kB Created: 2020-09-26 01:20:31 Modified: 2024-04-22 10:34:55 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 15 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.crm.site.master/tools/pushchecker.php

Size: 2.27 kB Created: 2021-03-31 19:52:33 Modified: 2024-04-22 10:34:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 119 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.crm.site.master/tools/modulechecker.php

Size: 5.15 kB Created: 2021-03-31 19:52:33 Modified: 2024-04-22 10:34:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 141 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.notice.product/templates/.default/template.php

Size: 7.43 kB Created: 2020-09-26 01:20:30 Modified: 2024-04-22 10:34:56 Warns: 1
DescriptionMatch

Function eval Line: 130 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+res+')' );

if (rs['ERRORS'].length 0)
{
    if (rs['ERRORS'] == 'NOTIFY_ERR_NULL')
        BX('popup_n_error').innerHTML '<?=GetMessageJS('NOTIFY_ERR_NULL')?>';
    else if (rs['ERRORS'] == 'NOTIFY_ERR_CAPTHA')
        BX('popup_n_error').innerHTML '<?=GetMessageJS('NOTIFY_ERR_CAPTHA')?>';
    else if (rs['ERRORS'] == 'NOTIFY_ERR_MAIL_EXIST')
    {
        BX('popup_n_error').innerHTML '<?=GetMessageJS('NOTIFY_ERR_MAIL_BUYERS_EXIST')?>';
...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.location.import/templates/admin/template.php

Size: 13.06 kB Created: 2021-09-03 11:54:47 Modified: 2024-04-22 10:34:56 Dangers: 1
DescriptionMatch

Sign 7830f7a6 Line: 11 Dangerous

Malware Signature (hash: 7830f7a6)

nc-l

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.location.import/templates/.default/template.php

Size: 15.64 kB Created: 2020-09-26 01:20:29 Modified: 2024-04-22 10:34:56 Dangers: 1
DescriptionMatch

Sign 7830f7a6 Line: 11 Dangerous

Malware Signature (hash: 7830f7a6)

nc-l

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/sample/mp3/download_private.php

Size: 4.97 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:57 Warns: 1 Dangers: 1
DescriptionMatch

Exploit double_var2 Line: 13 Warning

Double var technique is usually used for the obfuscation of malicious code

${$arr2[0]}

Exploit execution Line: 177 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/404.php")

/var/www/lesiak/lesia.ua/bitrix/modules/pull/ajax_hit.php

Size: 289.00 B Created: 2020-09-26 01:18:59 Modified: 2024-04-22 10:34:57 Dangers: 1
DescriptionMatch

Exploit execution Line: 6 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/components/bitrix/pull.request/ajax.php")

/var/www/lesiak/lesia.ua/bitrix/modules/pull/default_option.php

Size: 1.50 kB Created: 2021-03-31 19:52:41 Modified: 2024-04-22 10:34:57 Dangers: 1
DescriptionMatch

Exploit execution Line: 35 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/php_interface/pull.php")

/var/www/lesiak/lesia.ua/bitrix/modules/pull/options.php

Size: 24.13 kB Created: 2021-09-03 11:54:43 Modified: 2024-04-22 10:34:57 Dangers: 1
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].BX_ROOT.'/modules/pull/default_option.php')

/var/www/lesiak/lesia.ua/bitrix/modules/pull/classes/general/pull_options.php

Size: 16.59 kB Created: 2021-09-03 11:53:19 Modified: 2024-04-22 10:34:57 Dangers: 1
DescriptionMatch

Exploit execution Line: 533 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].BX_ROOT.'/modules/pull/default_option.php')

/var/www/lesiak/lesia.ua/bitrix/modules/yandex.market/lib/trading/service/reference/printer.php

Size: 2.24 kB Created: 2020-09-26 01:19:59 Modified: 2024-04-22 10:34:58 Dangers: 1
DescriptionMatch

Exploit nano Line: 35 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$map[$type]($this->provider)

/var/www/lesiak/lesia.ua/bitrix/modules/mobileapp/install/components/bitrix/mobileapp.menu/templates/.default/template.php

Size: 12.57 kB Created: 2020-09-26 01:20:24 Modified: 2024-04-22 10:35:00 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec("showAuthForm");
                }
            }
    <?endif;
?>

    if(BX.PULL)
    {
        BX.addCustomEvent("onPullExtendWatch", function(data) {
            BX.PULL.extendWatch(data.id);
        });

        BX.addCustomEvent("thisPageWillDie", function(data) {
            BX.PULL.clearWatch(data.page_id);
        });

        BX.addCustomEvent("onPullEvent", function (module_id, command, params)
        {
            if (module_id == 'main' && (command == 'user_authorize' || command == 'user_logout' || command == 'online_list'))
            {
                //app.onCustomEvent('onPullOnline', {...

/var/www/lesiak/lesia.ua/bitrix/modules/webprostor.core/classes/general/functions.php

Size: 22.98 kB Created: 2021-11-19 17:17:36 Modified: 2024-04-22 10:35:00 Warns: 1
DescriptionMatch

Exploit concat_vars_with_spaces Line: 32 Warning

Concatenation of vars technique is usually used for the obfuscation of malicious code

$subA.$subG.$subD.$subB.$subH.$subF.

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/shelladapter.php

Size: 1.88 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Warns: 3 Dangers: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($command" > ".$outputPath." 2>&1 &"); return true; } public function getLastOutput() { return $this->resOutput; } public function getLastError() { return $this->resError; } public function syncExec($command) { $command $this->prepareExecution($command); $retVal 1$descriptorspec = array( => array("pipe""r"), => array("pipe""w"), => array("pipe""w") ); $pipes = array(); $process proc_open('/bin/bash'$descriptorspec$pipes); if (is_resource($process)) { fwrite($pipes[0...

Function proc_close Line: 93 Warning

Potentially dangerous function `proc_close`

[https://www.php.net/proc_close]

proc_close($process)

Function proc_open Warning

Potentially dangerous function `proc_open`

[https://www.php.net/proc_open]

proc_open('/bin/bash'$descriptorspec$pipes); if (is_resource($process)) { fwrite($pipes[0], $command); fclose($pipes[0]); $this->resOutput stream_get_contents($pipes[1]); fclose($pipes[1]); $this->resError stream_get_contents($pipes[2]); fclose($pipes[2]); $retVal proc_close($process)

Function strrev exec_strrev Line: 39 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/sitesdata.php

Size: 3.12 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Function strrev exec_strrev Line: 80 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/action.php

Size: 7.27 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Warns: 1 Dangers: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($paramCode); $retStr str_replace('##CODE_PARAMS:'.$paramId.'##'$res$retStr); } } foreach ($this->freeParams as $key => $paramValue$retStr str_replace('##'.$key.'##'$paramValue$retStr); return $retStr; } public function start(array $inputParams = array()) { if(!is_array($inputParams)) throw new \Bitrix\Main\ArgumentTypeException("inputParams""array"); if(isset($this->actionParams["MODIFYERS"]) && is_array($this->actionParams["MODIFYERS"])) { $needMoreUserInfo false; foreach...

Function strrev exec_strrev Line: 179 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/helper.php

Size: 5.30 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Exploit php_uname Line: 211 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine

php_uname('s')

Function strrev exec_strrev Line: 186 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/actionsdata.php

Size: 8.27 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Warns: 1 Dangers: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("return ('{$operand1}{$operator} '{$operand2}');"); } public static function setLogLevel($logLevel) { self::$logLevel $logLevel; } public static function checkRunningAction() { $result = []; $shellAdapter = new ShellAdapter(); $execRes $shellAdapter->syncExec("sudo -u root /opt/webdir/bin/bx-process -a list -o json"); $data $shellAdapter->getLastOutput(); if($execRes) { $arData json_decode($datatrue); $result = []; if(isset($arData["params"]) && is_array($arData["params"])) { fo...

Function strrev exec_strrev Line: 93 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/serversdata.php

Size: 5.19 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Function strrev exec_strrev Line: 39 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/provider.php

Size: 6.34 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Function strrev exec_strrev Line: 24 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/monitoring.php

Size: 14.80 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Exploit nano Line: 300 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$item["DATA_FUNC"]($data)

Function strrev exec_strrev Line: 335 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/actionmodifyer.php

Size: 4.10 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 14 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

Function strrev eval_strrev Line: 22 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/scale/admin/menu.php

Size: 1.16 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Exploit php_uname Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine

php_uname('s')

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lang/ua/include/actionsdefinitions.php

Size: 5.84 kB Created: 2022-09-23 14:51:56 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 21 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

Function strrev eval_strrev Line: 22 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lang/ru/include/actionsdefinitions.php

Size: 5.86 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 21 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

Function strrev eval_strrev Line: 22 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lang/en/include/actionsdefinitions.php

Size: 4.46 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 17 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

/var/www/lesiak/lesia.ua/bitrix/modules/scale/include/rolesdefinitions.php

Size: 2.59 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 64 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

Function strrev eval_strrev Line: 68 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

/var/www/lesiak/lesia.ua/bitrix/modules/scale/include/actionsdefinitions.php

Size: 20.57 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 181 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

Function strrev eval_strrev Line: 182 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/socialservices/classes/general/authmanager.php

Size: 47.12 kB Created: 2021-09-03 11:54:22 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Exploit execution Line: 1675 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST[self::OAUTH_PACK_PARAM])

Exploit nano Line: 190 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$service["CLASS"]()

/var/www/lesiak/lesia.ua/bitrix/modules/forum/include.php

Size: 53.67 kB Created: 2021-11-19 17:07:34 Modified: 2024-04-22 10:35:04 Warns: 2
DescriptionMatch

Exploit double_var2 Line: 1770 Warning

Double var technique is usually used for the obfuscation of malicious code

${$sOrderVar}

Exploit double_var2 Line: 1773 Warning

Double var technique is usually used for the obfuscation of malicious code

${$sOrderVarE}

/var/www/lesiak/lesia.ua/bitrix/modules/forum/mail/mail.php

Size: 20.43 kB Created: 2021-09-03 11:53:39 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Exploit execution Line: 658 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/forum/lang/en/mail/mail.php')

/var/www/lesiak/lesia.ua/bitrix/modules/forum/install/components/bitrix/forum.topic.active/component.php

Size: 18.34 kB Created: 2021-09-03 11:53:50 Modified: 2024-04-22 10:35:05 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 11 Warning

Double var technique is usually used for the obfuscation of malicious code

${$s}

/var/www/lesiak/lesia.ua/bitrix/modules/forum/install/components/bitrix/forum.index/class.php

Size: 16.87 kB Created: 2021-11-19 17:07:34 Modified: 2024-04-22 10:35:06 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 236 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PAGEN_NAME}

/var/www/lesiak/lesia.ua/bitrix/modules/forum/install/components/bitrix/forum.rules/lang/en/component.php

Size: 4.71 kB Created: 2020-09-26 01:20:12 Modified: 2024-04-22 10:35:06 Dangers: 1
DescriptionMatch

Sign 407651f7 Line: 27 Dangerous

Malware Signature (hash: 407651f7)

warez

/var/www/lesiak/lesia.ua/bitrix/modules/forum/install/components/bitrix/forum.topic.list/component.php

Size: 23.88 kB Created: 2020-12-18 00:01:03 Modified: 2024-04-22 10:35:06 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 244 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PAGEN_NAME}

/var/www/lesiak/lesia.ua/bitrix/modules/platon.paysystem/install/index.php

Size: 6.50 kB Created: 2021-04-09 15:36:48 Modified: 2024-04-22 10:35:06 Dangers: 2
DescriptionMatch

Exploit execution Line: 158 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/main/include/prolog_admin_after.php')

Exploit execution Line: 168 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/main/include/epilog_admin.php')

/var/www/lesiak/lesia.ua/bitrix/modules/subscribe/install/index.php

Size: 9.91 kB Created: 2021-09-03 11:53:56 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 125 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/subscribe/install/events.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/admin/body/form_result_list_handler.php

Size: 5.99 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 178 Warning

Double var technique is usually used for the obfuscation of malicious code

${$var_STATUS}

/var/www/lesiak/lesia.ua/bitrix/modules/form/admin/form_field_edit.php

Size: 29.21 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('function() {FIELD_TYPE_CHANGE(\'' + (rows_count+1) + '\'); jsFormValidatorSettings.UpdateAll();}');
            arInputs[i].onchange = new Function('FIELD_TYPE_CHANGE(\'' + (rows_count+1) + '\'); jsFormValidatorSettings.UpdateAll();');
        }

        if (new_name == 'MESSAGE_' + (rows_count+1))
        {
            arInputs[i].onchange jsFormValidatorSettings.UpdateAll;
        }
    }

    var input1 BX.create('INPUT', {
        props: {
            type'hidden',
            name'ANSWER[]',
            valuerows_count 1
        }
    }),
        input2 BX.create('...

/var/www/lesiak/lesia.ua/bitrix/modules/form/options.php

Size: 17.64 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 2
DescriptionMatch

Exploit double_var2 Line: 50 Warning

Double var technique is usually used for the obfuscation of malicious code

${$name}

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(data.URL);
        if (!res)
        {
            var proto data.URL.match(/\.bitrix24\./) ? 'https' 'http';

            data.URL proto '://' data.URL;
            res r.exec(data.URL);
        }

        if (res)
        {
            data.URL_SERVER res[1]+'://'+res[2];
            data.URL_PATH res[3];
        }
    }

    if (!data.AUTH_HASH)
    {
        var content '<div class="form-crm-settings"><form name="form_'+popup_id+'"><table cellpadding="0" cellspacing="2" border="0"><tr><td align="right"><?=CUtil::JSEscape(GetMessage('FORM_TAB_CRM_ROW_TITLE'))?>:</...

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_cform_old.php

Size: 9.22 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 66 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path.$template)

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformstatus.php

Size: 16.98 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformoutput.php

Size: 33.80 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 1 Dangers: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('?>'.$this->__cache_tpl.'<?'); $strReturn ob_get_contents(); ob_end_clean(); return $strReturn; } else { return false; } } function IncludeFormTemplate() { global $APPLICATION; if ($this->__check_form_cache()) { $APPLICATION->SetTemplateCSS("form/form.css"); $FORM =& $this; eval($this->__cache_tpl); return true; } else { return false; } } function isStatisticIncluded() { return CModule::IncludeModule("statistic"); } function __check_form_cache() { global $CACHE_MANAGER; if ($this->arForm[...

Sign 11413268 Line: 100 Dangerous

Malware Signature (hash: 11413268)

eval('?>

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformfield.php

Size: 20.82 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformanswer.php

Size: 7.65 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callform.php

Size: 64.36 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 2 Dangers: 1
DescriptionMatch

Exploit double_var2 Line: 505 Warning

Double var technique is usually used for the obfuscation of malicious code

${$var}

Exploit double_var2 Line: 515 Warning

Double var technique is usually used for the obfuscation of malicious code

${$var2}

Exploit execution Line: 11 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformvalidator.php

Size: 7.66 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 12 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformresult.php

Size: 67.59 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 12 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_cformresult_old.php

Size: 6.38 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 71 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path.$template)

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cform.php

Size: 5.69 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformoutput.php

Size: 421.00 B Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformanswer.php

Size: 433.00 B Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 12 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformfield.php

Size: 428.00 B Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 12 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformvalidator.php

Size: 385.00 B Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformstatus.php

Size: 5.42 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformresult.php

Size: 14.89 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/rest/lib/marketplace/transport.php

Size: 3.30 kB Created: 2021-09-03 11:54:37 Modified: 2024-04-22 10:35:08 Dangers: 1
DescriptionMatch

Exploit execution Line: 118 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'] . '/bitrix/license_key.php')

/var/www/lesiak/lesia.ua/bitrix/modules/rest/options.php

Size: 9.51 kB Created: 2021-03-31 19:53:46 Modified: 2024-04-22 10:35:08 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 114 Warning

Double var technique is usually used for the obfuscation of malicious code

${$code}

/var/www/lesiak/lesia.ua/bitrix/modules/highloadblock/lib/highloadblocktable.php

Size: 18.87 kB Created: 2020-12-18 00:01:27 Modified: 2024-04-22 10:35:09 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($eval); } $entity = $entity_data_class::getEntity(); $uFields = $USER_FIELD_MANAGER->getUserFields(static::compileEntityId($hlblock['ID'])); foreach ($uFields as $uField) { if ($uField['MULTIPLE'] == 'N') { $params = array( 'required' => $uField['MANDATORY'] == 'Y' ); $field = $USER_FIELD_MANAGER->getEntityField($uField, $uField['FIELD_NAME'], $params); $entity->addField($field); foreach ($USER_FIELD_MANAGER->getEntityReferences($uField, $field) as $reference) { $entity->addField($reference...

/var/www/lesiak/lesia.ua/bitrix/modules/conversion/lib/ratemanager.php

Size: 697.00 B Created: 2020-09-26 01:18:51 Modified: 2024-04-22 10:35:09 Dangers: 1
DescriptionMatch

Exploit nano Line: 31 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$type['CALCULATE']($counters)

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/datamanager/iblockelementid_table.php

Size: 2.51 kB Created: 2020-12-07 12:43:42 Modified: 2024-04-22 10:35:09 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('namespace Bitrix\EsolImportxml\DataManager;'."\r\n"'class '.$className.' extends \Bitrix\Main\Entity\DataManager{'."\r\n"'public static function getTableName(){return "b_iblock_element_prop_s'.$IBLOCK_ID.'";}''public static function getMap(){return array(new \Bitrix\Main\Entity\IntegerField("IBLOCK_ELEMENT_ID", array("primary"=>true)));}''}'); static::$arIblockV2PropTable[$IBLOCK_ID] = '\Bitrix\EsolImportxml\DataManager\ElementPropertyV2STable'; } } $className = static::$arIblockV2...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/datamanager/iblockelement.php

Size: 5.61 kB Created: 2021-03-01 14:07:46 Modified: 2024-04-22 10:35:09 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('namespace Bitrix\EsolImportxml\DataManager;'."\r\n"'class ElementProperty'.$arFilter['IBLOCK_ID'].'Table extends ElementPropertyTable{'."\r\n"'public static function getMap(){return parent::getMapForIblock('.$arFilter['IBLOCK_ID'].');}''}'); self::$arIblockClasses[$arFilter['IBLOCK_ID']] = $arFilter['IBLOCK_ID']; } if(count(array_diff($arNeedKeys$arFields))==0) { $mtype 'd7_props'; } else $mtype 'props'; } } } self::$elemListHash[$hash] = $mtype; } $mtype self::$elemListHash[...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/importer_base.php

Size: 78.35 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:09 Warns: 2
DescriptionMatch

Exploit double_var2 Line: 561 Warning

Double var technique is usually used for the obfuscation of malicious code

${$k}

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($expression.';'); } elseif(preg_match('/\$val\s*=/', $expression)) { eval($expression.';'); return $val; } else { return eval('return '.$expression.';'); } }catch(\Exception $ex){ return $altReturn; } } public function ExecuteOnAfterSaveHandler($handler, $ID) { try{ eval($handler.';'); }catch(\Exception $ex){} } public function GetPathAttr(&$arPath) { $attr = false; if(mb_strpos($arPath[count($arPath)-1], '@')===0) { $attr = mb_substr(array_pop($arPath), 1); $attr = \Bitrix\EsolImportxml\Ut...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/mail/mail_header.php

Size: 4.22 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:09 Warns: 1
DescriptionMatch

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$m'"return \Bitrix\EsolImportxml\MailHeader::ConvertHeader(\$m[1], \$m[2], \$m[3], '".AddSlashes($charset_to)."');"), $str ); } return $str; } function Parse($message_header$charset) { if(preg_match("'content-type:.*?charset=([^\r\n;]+)'is"$message_header$res)) $this->charset strtolower(trim($res[1], ' "')); elseif($this->charset=='' && defined("BX_MAIL_DEFAULT_CHARSET")) $this->charset BX_MAIL_DEFAULT_CHARSET$ar_message_header_tmp explode("\r\n"$message_header...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/importer.php

Size: 265.34 kB Created: 2023-04-13 12:06:37 Modified: 2024-04-22 10:35:09 Warns: 1
DescriptionMatch

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$k,$v''return array($k=>$v);'), array_keys($arProductFields), $arProductFields))); } $arProductFields['IBLOCK_ELEMENT.IBLOCK_ID'] = $IBLOCK_ID$arProductFields['!ID'] = $arUpdatedIds$lastElement end($arUpdatedIds); if($this->stepparams['deactivate_element_first'] > 0$arProductFields['>ID'] = $this->stepparams['deactivate_element_first']; if($lastElement $this->stepparams['deactivate_element_last']) $arProductFields['<=ID'] = $lastElement$dbRes = \Bitrix\Catalog\Prod...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Shared/OLERead.php

Size: 9.40 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
DescriptionMatch

Exploit hacked_by Line: 306 Dangerous

Hacker credits

Hacked by

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Shared/File.php

Size: 5.19 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
DescriptionMatch

Sign 471b95ee Line: 174 Dangerous

Malware Signature (hash: 471b95ee)

Suhosin

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Shared/PCLZip/pclzip.lib.php

Size: 198.09 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 5
DescriptionMatch

Exploit nano Line: 2623 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)

Exploit nano Line: 2777 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)

Exploit nano Line: 3700 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)

Exploit nano Line: 3947 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)

Sign 963e968a Line: 5679 Dangerous

Malware Signature (hash: 963e968a)

php_uname()

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Reader/CSV.php

Size: 17.73 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec('locale -a | grep ru'$arLocates); if(is_array($arLocates) && count($arLocates) > 0) { foreach($arLocates as $loc) { $arLocates[ToLower($loc)] = $loc; } $locateLower ToLower($locate); if(!isset($arLocates[$locateLower]) && isset($arLocates['russian'])) { $locate $arLocates['russian']; } } setLocale(LC_CTYPE$locate); } $correctSettings true$rowColumns 0$loop 0; while (($rowData $this->fgetcsv($fileHandle)) !== FALSE && $loop 50 && $correctSettings) { if($loop && coun...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Reader/Excel5.php

Size: 227.06 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
DescriptionMatch

Exploit hacked_by Line: 6591 Dangerous

Hacker credits

Hacked by

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/sftp.php

Size: 8.13 kB Created: 2021-09-03 11:52:11 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$a,$b''return $a["modify"]>$b["modify"] ? -1 : 1;')); $arFiles array_diff(array_map(create_function('$n''return $n["name"];'), $arFiles), array('.''..')); $dirpath '/'.trim($dirpath).'/'; foreach($arFiles as $k=>$v) { $arFiles[$k] = $dirpath.$v; } } } if(!is_array($arFiles)) { $arFiles ftp_nlist($this->curConnect$dirpath); } } } $this->currentDirPath $path$this->currentDirFiles $arFiles; } return $arFiles; } public function MakeFileArray($path$arParams=arra...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/xml_viewer.php

Size: 33.45 kB Created: 2021-09-03 11:52:12 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$a,$b''return ($a["NAME"] < $b["NAME"]) ? -1 : 1;')); return $arSections; } public function AddSubSectionStruct(&$arSections$parentRow$arXpaths$subsectionXpath$parentTmpId$level) { $rows $this->Xpath($parentRow$subsectionXpath); if(!is_array($rows)) return false; foreach($rows as $row) { $name trim($this->GetStringByXpath($row$arXpaths['NAME'])); $tmpId trim($this->GetStringByXpath($row$arXpaths['TMP_ID'])); $arSections[$tmpId] = array( 'NAME' => $name'...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/importer_hl.php

Size: 75.64 kB Created: 2021-09-03 11:52:12 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($expression.';'); } elseif(preg_match('/\$val\s*=/'$expression)) { eval($expression.';'); return $val; } else { return eval('return '.$expression.';'); } }catch(\Exception $ex){ return $altReturn; } } public function ExecuteOnAfterSaveHandler($handler$ID) { try{ eval($handler.';'); }catch(\Exception $ex){} } public function GetNextRecord($time) { while(isset($this->xmlElements[$this->xmlCurrentRow $this->xmlRowDiff]) || ($this->xmlElementsCount $this->xmlCurrentRow && $this->InitXml...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/field_list.php

Size: 58.09 kB Created: 2021-09-03 11:52:11 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$n''return "OFFER_".$n;'), $removeFields)); foreach($arGroupsTmp as $k2=>$v2) { foreach($v2['items'] as $k=>$v) { if(in_array($k$removeFields)) unset($arGroupsTmp[$k2]['items'][$k]); } } $arGroups = array(); foreach(array('prop''offer_prop') as $groupCode) { if(array_key_exists($groupCode$arGroupsTmp)) { $arGroups[$groupCode] = $arGroupsTmp[$groupCode]; unset($arGroupsTmp[$groupCode]); } } foreach($arGroupsTmp as $groupCode=>$groupVal) { $arGroups[$groupCode] = $groupVal...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/utils.php

Size: 116.87 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:10 Warns: 3
DescriptionMatch

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$k,$v''return "\"".addcslashes($k, "\"")."\":\"".addcslashes($v, "\"")."\"";'), array_keys($arParams['VARS']), array_values($arParams['VARS']))).'}'; } } if(isset($arParams['FILELINK'])) { $path $arParams['FILELINK']; if(!empty($arParams['VARS']) && $arParams['PAGEAUTH']) { $redirectCount 0$location trim($arParams['PAGEAUTH']); while(strlen($location)>&& $redirectCount<=5) { $client = new \Bitrix\Main\Web\HttpClient(array('disableSslVerification'=>true'redirect'=>f...

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($expression.';'); } elseif(preg_match('/\$val\s*=/'$expression)) { eval($expression.';'); return $val; } else { return eval('return '.$expression.';'); } }catch(\Exception $ex){ return $altReturn; } } public static function ShowFilter($sTableID$IBLOCK_ID$FILTER) { global $APPLICATION; \CJSCore::Init('file_input'); $sf 'FILTER'Loader::includeModule('iblock'); $bCatalog Loader::includeModule('catalog'); if($bCatalog) { $arCatalog = \CCatalog::GetByID($IBLOCK_ID); if($arCatalog) { ...

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec('unzip "'.$archiveFn.'" -d '.$tmpsubdir); } elseif($arFile['type']=='application/zip'self::CorrectEncodingForExtractDir($tmpsubdir); } $arFile = array(); if(!is_array($path)) $urlComponents parse_url($path); else $urlComponents = array(); if(isset($urlComponents['fragment']) && strlen($urlComponents['fragment']) > 0) { $fn $tmpsubdir.ltrim($urlComponents['fragment'], '/'); $arFiles = array($fn); if((strpos($fn'*')!==false || (strpos($fn'{')!==false && strpos($fn'}')!==false)) &&...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_group_offproperty.php

Size: 9.96 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:10 Dangers: 1
DescriptionMatch

Exploit execution Line: 27 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['MAP'])

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_cron_settings.php

Size: 15.39 kB Created: 2021-03-01 14:07:46 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($phpPath.' -v'$arPhpLines); if(is_array($arPhpLines) && isset($arPhpLines[0]) && preg_match('/PHP\s*([\d\.]+)/i'$arPhpLines[0], $m) && !isset($arVersions[$m[1]])) { $res $m[1]; } } echo $res; die(); } if(!defined('NO_AGENT_CHECK')) define('NO_AGENT_CHECK'true); require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_before.php"); $moduleId 'esol.importxml'CModule::IncludeModule('iblock'); CModule::IncludeModule($moduleId); IncludeModuleLangFile(__FILE__...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_group_section.php

Size: 6.89 kB Created: 2021-09-03 11:52:11 Modified: 2024-04-22 10:35:10 Dangers: 1
DescriptionMatch

Exploit execution Line: 29 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['MAP'])

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_field_settings.php

Size: 88.98 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:10 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 326 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['POSTSTRUCT'])

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('$arFieldsParamsInArray = &$P'.$fNameEval.';'); $arFieldsParamsInArray $arFieldParams; } if($_POST['action']) define('PUBLIC_AJAX_MODE''Y'); if($_POST['action']=='export_conv_csv') { $arExtra = array(); \Bitrix\EsolImportxml\Extrasettings::HandleParams($arExtra, array(array('CONVERSION'=>$_POST['CONVERSION'], 'EXTRA_CONVERSION'=>$_POST['EXTRA_CONVERSION'])), false); while(is_array($arExtra) && isset($arExtra[0])) $arExtra $arExtra[0]; $arConv $arExtraConv = array(); if(is_array($arE...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_group_property.php

Size: 10.61 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:10 Dangers: 1
DescriptionMatch

Exploit execution Line: 27 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['MAP'])

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_field_settings_hl.php

Size: 39.00 kB Created: 2021-03-01 14:07:46 Modified: 2024-04-22 10:35:10 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 108 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['POSTSTRUCT'])

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('$arFieldsParamsInArray = &$P'.$fNameEval.';'); $arFieldsParamsInArray $arFieldParams; } if($_POST['action']=='save' && is_array($_POST['EXTRASETTINGS'])) { define('PUBLIC_AJAX_MODE''Y'); $APPLICATION->RestartBuffer(); if(ob_get_contents()) ob_end_clean(); \Bitrix\EsolImportxml\Extrasettings::HandleParams($PEXTRASETTINGS$_POST['EXTRASETTINGS']); preg_match_all('/\[([_\d]+)\]/'$_GET['field_name'], $keys); $oid 'field_settings_'.$keys[1][0]; $returnJson = (empty($PEXTRASETTINGS[$key...

/var/www/lesiak/lesia.ua/bitrix/modules/bitrixcloud/install/examples/bitrixcloud_backup_list_files.php

Size: 1.04 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
DescriptionMatch

Exploit execution Line: 4 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

/var/www/lesiak/lesia.ua/bitrix/modules/bitrixcloud/install/examples/bitrixcloud_backup_read_file.php

Size: 3.34 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
DescriptionMatch

Exploit execution Line: 4 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/block.php

Size: 112.12 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1 Dangers: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('?>' . $content . '<?'); } catch (\ParseError $e) { $errMessage = $this::getMessageBlock([ 'MESSAGE' => Loc::getMessage('LANDING_BLOCK_MESSAGE_ERROR_EVAL') ]); if ($params['wrapper_show']) { echo '<div id="' . $anchor . '" class="block-wrapper' . (!$this->active ? ' landing-block-deactive' : '') . '">' . $errMessage . '</div>'; } else { echo $errMessage; } } } } elseif ($this->active || $params['force_unactive']) { static $sysPages = null; if ($sysPages === null) { $sysPages = array(); fore...

Sign 11413268 Line: 2654 Dangerous

Malware Signature (hash: 11413268)

eval('?>

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/b24button.php

Size: 5.33 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $code = \htmlspecialcharsbx(trim($this->fields['CODE'])); if ($code != 'N') { Landing\Manager::setPageView'BeforeBodyClose''<script data-skip-moving="true">
                    (function(w,d,u,b){ \'use strict\';
                    var s=d.createElement(\'script\');var r=(Date.now()/1000|0);s.async=1;s.src=u+\'?\'+r;
                    var h=d.getElementsByTagName(\'script\')[0];h.parentNode.insertBefore(s,h);
                })(window,document,\'' 
$code '\');
                </script>' 
); if ($this->fields[...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/up.php

Size: 855.00 B Created: 2020-12-18 00:02:03 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $assets = Assets\Manager::getInstance(); $assets->addAsset('landing_upper')

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/pixelvk.php

Size: 1.89 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $counter = \htmlspecialcharsbx(trim($this->fields['COUNTER'])); $counter = \CUtil::jsEscape($counter); if ($counter) { Cookies::addCookieScript'vkp''!function(){
                    var t=document.createElement("script");
                    t.type="text/javascript",
                    t.async=!0,
                    t.src="https://vk.com/js/api/openapi.js?160",
                    t.onload=function(){VK.Retargeting.Init("' 
$counter '"),
                    VK.Retargeting.Hit()},document.head.appendChild(t)
                }();' 
); Manager::...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/view.php

Size: 2.18 kB Created: 2021-09-03 11:55:00 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if ($this->execCustom()) { return; } $type trim($this->fields['TYPE']); $bodyClass ''$mainClasses ''; if ($type === 'ltr') { $bodyClass 'landing-viewtype--ltr'$mainClasses 'g-pt-6 g-px-10 g-pt-30--md g-px-50--md'; } elseif ($type === 'all') { $bodyClass 'landing-viewtype--all'$mainClasses 'g-py-6 g-px-10 g-py-30--md g-px-50--md'; } elseif ($type === 'mobile') { $bodyClass 'landing-viewtype--mobile'$mainClasses 'mx-auto'; } elseif ($type === 'adaptive') { ...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/gmap.php

Size: 1.71 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $code HtmlFilter::encode(trim($this->fields['CODE'])); $assets Asset::getInstance(); $assets->addString"<script defer>
                (function(){
                    'use strict';
                    //fake function, if API will loaded fasten than blocks
                    window.onGoogleMapApiLoaded = function(){}
                })();
            </script>" 
); $assets->addString'<script defer src="https://maps.googleapis.com/maps/api/js?key=' $code '&callback=onGoogleMapApiLoaded"></script>' )

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/robots.php

Size: 1.17 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { return $this->fields['CONTENT']->getValue()

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/theme.php

Size: 10.64 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 2
DescriptionMatch

Exploit concat_vars_array Warning

Concatenation of arrays technique is usually used for the obfuscation of malicious code

$color[0] . $color[1] . $color[1] . $color[2] . $color[2] . $color[3] . $color[3]; }

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void $defaultColors self::getColorCodes(); $request Application::getInstance()->getContext()->getRequest(); if ($request->get('color')) { $colorHex $request->get('color'); } elseif ( ($themeCodeFromRequest $request->get('theme')) && array_key_exists($themeCodeFromRequest$defaultColors) ) { $themeCode $themeCodeFromRequest$colorHex $defaultColors[$themeCodeFromRequest]['color']; } else { $colorHex HtmlFilter::encode(trim($this->fields['COLOR']->getValue())); if (!$colo...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/favicon.php

Size: 2.54 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $picture intval($this->fields['PICTURE']->getValue()); if ($picture 0) { $icons ''$sizes = array('16x16''32x32''96x96'); foreach ($sizes as $size) { list($w$h) = explode('x'$size); $file = \CFile::resizeImageGet( \Bitrix\Landing\File::getFileArray($picture), array( 'width' => $w'height' => $h ), BX_RESIZE_IMAGE_EXACT ); $srcExplode explode('.'$file['src']); $ext array_pop($srcExplode); $icons .= '<link rel="icon" type="image/'...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/settings.php

Size: 8.51 kB Created: 2021-09-03 11:55:00 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { } public static function getDataForSite($id null) { static $settings = array(); if (isset($settings[$id])) { return $settings[$id]; } $settings[$id] = array(); if ($id) { $hooks Hook::getData$idHook::ENTITY_TYPE_SITE ); } foreach (self::getDefaultValues() as $key => $defValue) { if (isset($hooks['SETTINGS'][$key])) { $settings[$id][$key] = $hooks['SETTINGS'][$key]; } else { $settings[$id][$key] = $defValue; } } if (!Manager::isB24()) { $settings[$id]['IBLOCK_ID'] = isset($hooks[...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/background.php

Size: 4.06 kB Created: 2021-09-03 11:55:12 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $picture = \htmlspecialcharsbx(trim($this->fields['PICTURE']->getValue())); $color = \htmlspecialcharsbx(trim($this->fields['COLOR']->getValue())); $position trim($this->fields['POSITION']->getValue()); $this->setBackground($picture$color$position); } public static function setBackground(?string $picture, ?string $color null, ?string $position null): void { if ($picture && is_numeric($picture) && (int)$picture 0) { $picture = \htmlspecial...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/copyright.php

Size: 1.12 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Line: 65 Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec()

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/speed.php

Size: 2.74 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if (Landing::getEditMode()) { $this->disableWebpack(); } else { $this->execWebpack(); $this->execLazyLoad(); } } protected function disableWebpack(): void { $assets = Assets\Manager::getInstance(); $assets->setStandartMode(); } protected function execWebpack(): void { $assets = Assets\Manager::getInstance(); if ($this->fields['USE_WEBPACK']->getValue() !== 'N') { $assets->setWebpackMode(); } else { $assets->setStandartMode(); } } protected function execLazyLoad(): void { if ($this...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metaog.php

Size: 4.26 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $output = ''; $files = []; $tags = [ 'title' => \htmlspecialcharsbx(Seo::processValue('title', $this->fields['TITLE'])), 'description' => \htmlspecialcharsbx(Seo::processValue('description', $this->fields['DESCRIPTION'])), 'image' => trim($this->fields['IMAGE']), 'type' => 'website' ]; foreach (['og', 'twitter'] as $rootTag) { foreach ($tags as $key => $val) { if ($key == 'image' && intval($val) > 0) { $val = intval($val); if (!array_key_exists($val,...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/pixelfb.php

Size: 3.67 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $counter = null; $businessPixel = $this->getBusinessPixel(); if ($this->fields['USE']->getValue() === 'Y') { $counter = \htmlspecialcharsbx(trim($this->fields['COUNTER'])); $counter = \CUtil::jsEscape($counter); } if (!$counter || $counter === $businessPixel) { $counter = $businessPixel; $businessPixel = null; } if ($counter) { Cookies::addCookieScript( 'fbp', '!function(f,b,e,v,n,t,s)
                {if(f.fbq)return;n=f.fbq=function(){n.callMethod?
                n.callM...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/gacounter.php

Size: 3.60 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } if ($this->fields['USE']->getValue() != 'Y') { return; } $this->setCounter($this->fields['COUNTER']); $sendData = []; if ($this->fields['SEND_CLICK']->getValue() == 'Y') { $sendData[] = 'click'; } if ($this->fields['SEND_SHOW']->getValue() == 'Y') { $sendData[] = 'show'; } if (!empty($sendData)) { \Bitrix\Landing\Manager::setPageView( 'BodyTag', ' data-event-tracker=\'' . json_encode($sendData) . '\'' ); $clickType = $this->fields['CLICK_TYPE']->getV...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metamain.php

Size: 2.42 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $title = \htmlspecialcharsbx(Seo::processValue('title', $this->fields['TITLE'])); $description = Seo::processValue('description', $this->fields['DESCRIPTION']); $keywords = Seo::processValue('keywords', $this->fields['KEYWORDS']); if ($title != '') { Manager::setPageTitle($title); } if ($description != '') { Manager::getApplication()->setPageProperty( 'description', $description ); } if ($keywords != '') { Manager::getApplication()->setPageProperty( ...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/cssblock.php

Size: 1.73 kB Created: 2020-12-18 00:02:03 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $cssCode = trim($this->fields['CODE']); $cssFile = trim($this->fields['FILE']); if ($cssCode != '') { echo '<style type="text/css">' . $cssCode . '</style>'; } if ($cssFile != '') { echo '<link href="' . \htmlspecialcharsbx($cssFile)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metarobots.php

Size: 1.16 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } if (\Bitrix\Landing\Landing::getPreviewMode()) { $use = 'N'; } else { $use = $this->fields['INDEX']->getValue(); } \Bitrix\Main\Page\Asset::getInstance()->addString( '<meta name="robots" content="' . ($use != 'N' ? 'all' : 'noindex') . '" />' )

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/yacounter.php

Size: 2.70 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } if ($this->fields['USE']->getValue() != 'Y') { return; } $this->setCounter($this->fields['COUNTER']); } public static function setCounter(string $counter): void { $counter = \htmlspecialcharsbx(trim($counter)); $counter = \CUtil::jsEscape($counter); if (!$counter) { return; } Cookies::addCookieScript( 'ym', '(function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)};
            m[i].l=1*new Date();k=e.createElement(t),a=e.getElements...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/themefonts.php

Size: 10.95 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if ($this->execCustom()) { return; } $this->setThemeFont(); $this->setHFontTheme(); $this->setSize(); $this->setColors(); $this->setTypo(); } protected function getField(string $name): ?string { if ($field = $this->fields[$name]->getValue()) { return HtmlFilter::encode(trim($field)); } return self::getDefaultValues()[$name]; } protected static function getDefaultValues(): array { return [ 'CODE' => 'Open Sans', 'CODE_H' => 'Open Sans', 'SIZE' => '1', 'LINE_HEIGHT' => '1.6', 'FONT_...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/headblock.php

Size: 2.99 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->isLocked()) { return; } if ($this->execCustom()) { return; } $code = trim($this->fields['CODE']); if ($code != '') { self::$lastInsertedCode = $code; $code = str_replace( '<script', '<script data-skip-moving="true"', $code ); \Bitrix\Main\Page\Asset::getInstance()->addString($code)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/gtm.php

Size: 2.33 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $counter = \htmlspecialcharsbx(trim($this->fields['COUNTER'])); $counter = \CUtil::jsEscape($counter); if ($counter) { Cookies::addCookieScript( 'gtm', '(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({\'gtm.start\':new Date().getTime(),event:\'gtm.js\'});
                var f=d.getElementsByTagName(s)[0],
                j=d.createElement(s),
                dl=l!=\'dataLayer\'?\'&l=\'+l:\'\';
                j.async=true;
                j.src=\'https://www.googletagmanager.com/gtm.js?id=\'+i+dl;
                f.parent...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/cookies.php

Size: 5.15 kB Created: 2021-03-31 19:53:52 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if ($this->execCustom()) { return; } if ($this->fields['USE']->getValue() == 'Y') { $infoMode = $this->isInformationMode(); if (!$infoMode) { self::$enabled = true; Manager::clearPageView('Noscript'); } ob_start(); Manager::getApplication()->includeComponent( 'bitrix:landing.cookies', '', [ 'USE' => $this->fields['USE']->getValue(), 'POSITION' => $this->fields['POSITION']->getValue(), 'COLOR_BG' => $this->fields['COLOR_BG']->getValue(), 'COLOR_TEXT' => $this->fields['COLOR_TEXT']-...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metagoogleverification.php

Size: 1.47 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $meta = trim($this->fields['META']); if (preg_match('#^<meta\s+name="google-site-verification"\s+content="[a-z0-9_\-]+"\s+/*>$#i', $meta)) { Manager::setPageView('BeforeHeadClose', $meta)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/fonts.php

Size: 5.17 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if (!self::$setFonts) { return; } $this->fields['CODE'] = str_replace( ['st yle', 'onl oad', 'li nk'], ['style', 'onload', 'link'], $this->fields['CODE'] ); $styleFound = preg_match_all( '#(<noscript>.*?<style.*?data-id="([^"]+)"[^>]*>[^<]+</style>)#is', $this->fields['CODE'], $matches ); $fonts = []; if ($styleFound) { $fonts = array_combine($matches[2], $matches[1]); } $this->outputFonts($fonts)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metayandexverification.php

Size: 1.51 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $meta = trim($this->fields['META']); if (preg_match('#^<meta\s+name="yandex-verification"\s+content="[a-z0-9_\-]+"\s+/*>$#i', $meta)) { Manager::setPageView('BeforeHeadClose', $meta)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/layout.php

Size: 1.53 kB Created: 2021-09-03 11:55:00 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if ($this->execCustom()) { return; } $breakpoint = trim(HtmlFilter::encode($this->fields['BREAKPOINT'])); if(!$breakpoint) { $breakpoint = self::DEFAULT_BREAKPOINT; } Manager::setPageView('MainClass', 'landing-layout-breakpoint--' . $breakpoint)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page.php

Size: 4.23 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Line: 273 Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec()

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/mutator.php

Size: 19.38 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Dangers: 2
DescriptionMatch

Sign 99fc3b9d Line: 1 Dangerous

Malware Signature (hash: 99fc3b9d)

$GLOBALS['____

Sign a408f408 Line: 1 Dangerous

Malware Signature (hash: a408f408)

c3RyX

/var/www/lesiak/lesia.ua/bitrix/modules/landing/options.php

Size: 11.98 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 225 Warning

Double var technique is usually used for the obfuscation of malicious code

${$name}

/var/www/lesiak/lesia.ua/bitrix/modules/landing/install/components/bitrix/landing.start/lang/en/component.php

Size: 5.31 kB Created: 2020-09-26 01:19:36 Modified: 2024-04-22 10:35:16 Dangers: 1
DescriptionMatch

Sign 301ca578 Line: 28 Dangerous

Malware Signature (hash: 301ca578)

Trojan

/var/www/lesiak/lesia.ua/bitrix/modules/seo/lib/businesssuite/serviceadapter.php

Size: 3.09 kB Created: 2021-09-03 11:55:01 Modified: 2024-04-22 10:35:23 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("
                        class $serviceWrapperClassName extends Bitrix\Seo\BusinessSuite\ServiceWrapper
                            implements
                                Bitrix\Seo\Retargeting\IService,
                                Bitrix\Seo\Retargeting\IMultiClientService,
                                Bitrix\Seo\BusinessSuite\IInternalService
                        {}
                "); return $serviceWrapperClassName::getInstance(); } } } public static function loadFacebookService() { if($serviceWrapper = Utils\ServicePool::getService([Service::INSTAGRAM_TYPE,Service::FACEBOOK_TYPE])) { return (new static())->se...

/var/www/lesiak/lesia.ua/bitrix/modules/seo/admin/seo_tools.php

Size: 39.47 kB Created: 2021-09-03 11:55:00 Modified: 2024-04-22 10:35:23 Dangers: 4
DescriptionMatch

Exploit execution Line: 105 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['title_changer_link'])

Exploit execution Line: 109 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['title_final'])

Exploit execution Line: 119 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['title_win_changer_link'])

Exploit execution Line: 123 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['title_win_final'])

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/fileman.php

Size: 72.84 kB Created: 2021-09-03 11:54:02 Modified: 2024-04-22 10:35:24 Dangers: 1
DescriptionMatch

Exploit execution Line: 250 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/fileman/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/admin/fileman_js.php

Size: 1.60 kB Created: 2020-12-18 00:01:02 Modified: 2024-04-22 10:35:24 Dangers: 2
DescriptionMatch

Exploit execution Line: 11 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/fileman/lang/'.LANGUAGE_ID.'/admin/fileman_js.php')

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/fileman/lang/en/admin/fileman_js.php')

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/admin/fileman_admin.php

Size: 51.10 kB Created: 2021-09-03 11:54:02 Modified: 2024-04-22 10:35:24 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 17 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/admin/fileman_access.php")

Function posix_getpwuid Warning

Potentially dangerous function `posix_getpwuid`

[https://www.php.net/posix_getpwuid]

posix_getpwuid(fileowner($fnameConverted)); $arrFileGroup = posix_getgrgid(filegroup($fnameConverted)); $showField .= " ".$arrFileOwner['name']." ".$arrFileGroup['name']; } } else $showField = "&nbsp;"; } $row->AddField("PERMS", $showField); } $showField = ""; if (in_array("PERMS_B", $arVisibleColumns)) { $showField = "&nbsp;"; if(($USER->CanDoOperation('fileman_view_permissions') || $USER->CanDoOperation('fileman_edit_all_settings')) && $USER->CanDoFileOperation('fm_view_permission', $arPath)) ...

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/options.php

Size: 66.61 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:24 Dangers: 2
DescriptionMatch

Exploit execution Line: 1053 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/fileman/lang/'.LANGUAGE_ID.'/admin/fileman_js.php')

Exploit execution Line: 1055 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/fileman/lang/en/admin/fileman_js.php')

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/classes/general/editor_utils.php

Size: 8.42 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:24 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($code); echo '#BX_RENDERED_COMPONENT#'; $s = ob_get_contents(); ob_end_clean(); return $s; } public static function _RenderAllComponents($arParams, $bLPA) { global $APPLICATION, $USER; $s = ''; $arPHP = PHPParser::ParseFile($arParams['source']); $l = count($arPHP); if ($l > 0) { $new_source = ''; $end = 0; $comp_count = 0; ob_start(); for ($n = 0; $n<$l; $n++) { $src = $arPHP[$n][2]; if (mb_substr($src, 0, 5) == "<?"."php") $src = mb_substr($src, 5); else $src = mb_substr($src, 2); $src m...

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php

Size: 9.56 kB Created: 2021-03-31 19:54:11 Modified: 2024-04-22 10:35:26 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("var result = " + data + "; "); }
            if (result['status'] == 'inprogress')
            {
                document.getElementById('photogallery_recalc').innerHTML = result['text'];
                if (__this_source.bReady == false)
                {
                    document.getElementById('ButtonPhotoGalleryRecalcStart').disabled = false;
                    document.getElementById('ButtonPhotoGalleryRecalcContinue').disabled = false;
                    document.getElementById('ButtonPhotoGalleryRecalcStop').disabled = true;
                }
                else
                {
                    document.getElementById(...

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery.detail.list/templates/slider_big/template.php

Size: 16.33 kB Created: 2021-03-31 19:52:27 Modified: 2024-04-22 10:35:27 Warns: 1
DescriptionMatch

Function eval Line: 338 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("div.onclick = function(e){jsUtils.PreventDefault(e); jsUtils.Redirect([], '" + res[ii].href + "');};");
        res[ii].parentNode.insertBefore(div, res[ii]);
        res[ii].onmouseover = function()
        {
            this.previousSibling.onshow();
            this.bxMouseOver = 'Y';
        };
        res[ii].onmouseout = function()
        {
            this.bxMouseOver = 'N';
            var __this = this;
            setTimeout(
                function()
                {
                    if (__this.previousSibling && __this.previousSibling.bxMouseOver != "Y")
                    {
                        __this.previousSibling...

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery/templates/.default/bitrix/blog.post.comment/photogallery/template.php

Size: 29.88 kB Created: 2021-03-31 19:52:27 Modified: 2024-04-22 10:35:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery.detail.list.ex/templates/.default/template.php

Size: 12.71 kB Created: 2021-11-19 17:07:51 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Exploit infected_comment Line: 110 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

/*width*/

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery.detail.list.ex/templates/.default/bitrix/blog.post.comment/photogallery/template.php

Size: 18.81 kB Created: 2021-03-31 19:52:27 Modified: 2024-04-22 10:35:28 Dangers: 2
DescriptionMatch

Exploit execution Line: 144 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

Exploit execution Line: 30 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/lib/gs.php

Size: 20.24 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:28 Dangers: 1
DescriptionMatch

Exploit execution Line: 382 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].BX_ROOT.'/license_key.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/phpmorphy/phpmorphy-0.3.7/utils/libs/decorator.php

Size: 6.79 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($this->_createClassCode() . " return true;"); } protected function _createClassCode() { $implements ''$interfaces lmbReflectionHelper :: getInterfaces($this->_class); if(function_exists('spl_classes')) $interfaces array_diff($interfaces, array('Traversable')); if(count($interfaces) > 0$implements 'implements ' implode(', '$interfaces); $code "class " $this->_decorator_class " extends " $this->_decorator_base $implements {\n"$code .= "    function __construct(\$...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/phpmorphy/phpmorphy-0.3.7/bin/build_dict.php

Size: 4.81 kB Created: 2020-09-26 01:19:04 Modified: 2024-04-22 10:35:28 Warns: 2
DescriptionMatch

Function proc_close Warning

Potentially dangerous function `proc_close`

[https://www.php.net/proc_close]

proc_close($handle); if($errorcode) { doError( "\n\nCommand '" . $cmd .'\' exit with code = ' . $errorcode . ', error = \'' . $stderr . '\'' ); } echo "OK.\n"; } function get_locale($xml) { $reader = new XMLReader(); if(false === $reader->open($xml)) { return false; } while($reader->read()) { if($reader->nodeType == XMLReader::ELEMENT) { if($reader->localName === 'locale') { $result = $reader->getAttribute('name'); $result = strlen($result) ? $result : false; break; } } } $reader->close(); retur...

Function proc_open Warning

Potentially dangerous function `proc_open`

[https://www.php.net/proc_open]

proc_open($cmd, $desc, $pipes, null, null, $opts))) { doError('Can`t execute \'' . $cmd . '\' command'); } if(1) { while(!feof($pipes[1])) { fputs(STDOUT, fgets($pipes[1])); } } else { stream_copy_to_stream($pipes[1], STDOUT); } $stderr = trim(stream_get_contents($pipes[2])); fclose($pipes[1]); fclose($pipes[2]); $errorcode = proc_close($handle); if($errorcode) { doError( "\n\nCommand '" . $cmd .'\' exit with code = ' . $errorcode . ', error = \'' . $stderr . '\'' ); } echo "OK.\n"; } function g...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/fonts/Montserrat-Bold.ufm.php

Size: 42.00 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Exploit base64_long Line: 1965 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code


/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/fonts/Montserrat-Regular.ufm.php

Size: 42.14 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Exploit base64_long Line: 1969 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code


/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/fonts/Montserrat-Italic.ufm.php

Size: 42.07 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Exploit base64_long Line: 1965 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code


/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/php-svg-lib/src/Svg/Style.php

Size: 18.31 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 434 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/php-css-parser/lib/Sabberworm/CSS/RuleSet/DeclarationBlock.php

Size: 21.81 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 250 Warning

Double var technique is usually used for the obfuscation of malicious code

${$sPosition}

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/php-css-parser/lib/Sabberworm/CSS/Value/Color.php

Size: 3.90 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Warns: 1
DescriptionMatch

Exploit concat_vars_array Warning

Concatenation of arrays technique is usually used for the obfuscation of malicious code

$sValue[0] . $sValue[0] . $sValue[1] . $sValue[1] . $sValue[2] . $sValue[2] . $sValue[3] . $sValue[3]; }

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/src/Options.php

Size: 26.52 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 55 Dangerous

Malware Signature (hash: 11413268)

exploit

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/src/Css/Color.php

Size: 9.55 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 81 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/src/PhpEvaluator.php

Size: 1.31 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($code); } public function render(Frame $frame) { $this->evaluate($frame->get_node()->nodeValue)

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/classes/general/lessc.inc.php

Size: 96.44 kB Created: 2020-09-26 01:19:26 Modified: 2024-04-22 10:35:29 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 2182 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

Function strrev exec_strrev Line: 2111 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cexe

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.gift.main.products/main/template.php

Size: 6.74 kB Created: 2020-09-26 01:19:17 Modified: 2024-04-22 10:35:32 Dangers: 2
DescriptionMatch

Exploit clever_include Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"], "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"], "CURRENCY_ID" => $arParams["CURRENCY_ID"], "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"], "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""), "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""), "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""), "OFFER_ADD_PICT_PROP" => (isset($arPara...

Exploit clever_include Line: 78 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
                        "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
                        "CURRENCY_ID" => $arParams["CURRENCY_ID"],
                        "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"],
                        "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""),

                        "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""),

                        "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""),
    ...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/news.detail/news/component_epilog.php

Size: 46.99 kB Created: 2021-11-20 12:57:53 Modified: 2024-04-22 10:35:33 Dangers: 1
DescriptionMatch

Exploit execution Line: 1285 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/component_epilog.php

Size: 68.33 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:34 Dangers: 2
DescriptionMatch

Exploit execution Line: 1404 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1532 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/template.php

Size: 89.22 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1623 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:34 Dangers: 2
DescriptionMatch

Exploit execution Line: 1395 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1481 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/template.php

Size: 90.81 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1619 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:34 Dangers: 2
DescriptionMatch

Exploit execution Line: 1396 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1482 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/template.php

Size: 90.38 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1611 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main/component_epilog.php

Size: 62.38 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:34 Dangers: 2
DescriptionMatch

Exploit execution Line: 1395 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1481 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main/template.php

Size: 89.71 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1660 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main5/component_epilog.php

Size: 66.25 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:34 Dangers: 2
DescriptionMatch

Exploit execution Line: 1396 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1482 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main5/template.php

Size: 91.74 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1633 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main5/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:35:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.basket.basket/top_hover/template.php

Size: 5.98 kB Created: 2021-11-20 12:57:55 Modified: 2024-04-22 10:35:34 Dangers: 3
DescriptionMatch

Exploit execution Line: 35 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

Exploit execution Line: 51 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 55 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.basket.basket/fly/template.php

Size: 12.60 kB Created: 2021-11-20 12:57:55 Modified: 2024-04-22 10:35:34 Dangers: 3
DescriptionMatch

Exploit execution Line: 125 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 129 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

Exploit execution Line: 81 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.comments/main/bitrix/blog.post.comment/adapt/template.php

Size: 30.93 kB Created: 2020-09-26 01:19:11 Modified: 2024-04-22 10:35:35 Dangers: 2
DescriptionMatch

Exploit execution Line: 197 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

Exploit execution Line: 20 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.comments/catalog/bitrix/blog.post.comment/adapt/template.php

Size: 34.00 kB Created: 2021-03-01 14:07:48 Modified: 2024-04-22 10:35:35 Dangers: 2
DescriptionMatch

Exploit execution Line: 25 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 263 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/search.form/top/template.php

Size: 611.00 B Created: 2020-09-26 01:19:10 Modified: 2024-04-22 10:35:35 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/search.title.catalog2.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/public/ru/ajax/form.php

Size: 4.83 kB Created: 2021-03-01 14:07:48 Modified: 2024-04-22 10:35:36 Dangers: 1
DescriptionMatch

Exploit execution Line: 33 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$url_sizes)

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/components/aspro/developer.max/class.php

Size: 6.79 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:35:37 Dangers: 1
DescriptionMatch

Exploit execution Line: 138 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].BX_ROOT.'/license_key.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/components/aspro/catalog.smart.filter/component.php

Size: 31.17 kB Created: 2020-09-26 01:19:05 Modified: 2024-04-22 10:35:37 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 613 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/modules/arturgolubev.gmerchant/load/googlemerchant_detail.php

Size: 49.47 kB Created: 2021-11-19 17:17:31 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Exploit execution Line: 594 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['XML_DATA'])

/var/www/lesiak/lesia.ua/bitrix/modules/security/lang/ua/admin/security_antivirus.php

Size: 3.02 kB Created: 2022-09-23 14:51:56 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Exploit file_prepend Line: 16 Dangerous

LFI (Local File Inclusion), prepending a file at the bottom of every others PHP files, allow remote attackers to inject and execute arbitrary commands or code on the target machine

php_value auto_prepend_file

/var/www/lesiak/lesia.ua/bitrix/modules/security/lang/ru/admin/security_antivirus.php

Size: 3.09 kB Created: 2020-09-26 01:19:02 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Exploit file_prepend Line: 15 Dangerous

LFI (Local File Inclusion), prepending a file at the bottom of every others PHP files, allow remote attackers to inject and execute arbitrary commands or code on the target machine

php_value auto_prepend_file

/var/www/lesiak/lesia.ua/bitrix/modules/security/lang/en/admin/security_antivirus.php

Size: 2.24 kB Created: 2020-09-26 01:19:02 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Exploit file_prepend Line: 13 Dangerous

LFI (Local File Inclusion), prepending a file at the bottom of every others PHP files, allow remote attackers to inject and execute arbitrary commands or code on the target machine

php_value auto_prepend_file

/var/www/lesiak/lesia.ua/bitrix/modules/security/lang/en/classes/general/tests/environment.php

Size: 5.08 kB Created: 2020-09-26 01:19:02 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 20 Dangerous

Malware Signature (hash: 11413268)

exploit

/var/www/lesiak/lesia.ua/bitrix/modules/security/lang/en/classes/general/tests/php_configuration.php

Size: 5.02 kB Created: 2020-09-26 01:19:02 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 25 Dangerous

Malware Signature (hash: 11413268)

exploit

/var/www/lesiak/lesia.ua/bitrix/modules/security/classes/general/iprule.php

Size: 30.51 kB Created: 2021-09-03 11:54:19 Modified: 2024-04-22 10:35:38 Dangers: 2
DescriptionMatch

Exploit execution Line: 1240 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/admin/security_403.php")

Exploit execution Line: 977 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/admin/security_403.php')

/var/www/lesiak/lesia.ua/bitrix/modules/security/classes/general/system_information.php

Size: 8.56 kB Created: 2021-09-03 11:54:19 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 387 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

/var/www/lesiak/lesia.ua/bitrix/modules/security/classes/general/post_filter.php

Size: 6.63 kB Created: 2021-03-31 19:53:19 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Exploit download_remote_code2 Line: 163 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($f"\n------------------------------\n\$_SERVER:\n")

/var/www/lesiak/lesia.ua/bitrix/modules/security/classes/general/tests/environment.php

Size: 13.70 kB Created: 2020-09-26 01:19:02 Modified: 2024-04-22 10:35:38 Warns: 1
DescriptionMatch

Function posix_getpwuid Warning

Potentially dangerous function `posix_getpwuid`

[https://www.php.net/posix_getpwuid]

posix_getpwuid($uid); return sprintf('%s(%s)'$uid['name'], $uid['uid']); } return $uid; } protected static function formatGID($gid) { if(is_callable("posix_getgrgid")) { $gid posix_getgrgid($gid); return sprintf('%s(%s)'$gid['name'], $gid['gid']); } return $gid; } protected static function formatFilePermissions($perms) { if (($perms 0xC000) == 0xC000) { $info 's'; } elseif (($perms 0xA000) == 0xA000) { $info 'l'; } elseif (($perms 0x8000) == 0x8000) { $info '-'; } elseif (($per...

/var/www/lesiak/lesia.ua/bitrix/modules/security/classes/general/event.php

Size: 5.48 kB Created: 2021-03-31 19:52:29 Modified: 2024-04-22 10:35:38 Warns: 1
DescriptionMatch

Function syslog Warning

Potentially dangerous function `syslog`

[https://www.php.net/syslog]

syslog($this->syslogPriority$message); } if ($this->isFileEngineActive) { if (!$message$message $this->messageFormatter->format($auditType$itemName$itemDescription); $message = static::sanitizeMessage($message); $message .= "\n"$savedInFile file_put_contents($this->filePath$messageFILE_APPEND) > 0; } return ($savedInDB || $savedInSyslog || $savedInFile); } public static function getSyslogPriorities() { return static::$syslogPriorities; } public static function getSyslogFaciliti...

/var/www/lesiak/lesia.ua/bitrix/modules/security/classes/general/antivirus.php

Size: 44.35 kB Created: 2021-09-03 11:54:19 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Exploit download_remote_code2 Line: 557 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($f"\n------------------------------\n\$_SERVER:\n")

/var/www/lesiak/lesia.ua/bitrix/modules/security/install/index.php

Size: 10.93 kB Created: 2021-09-03 11:54:19 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Exploit execution Line: 209 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/security/install/events.php")

/var/www/lesiak/lesia.ua/bitrix/modules/perfmon/admin/perfmon_row_edit.php

Size: 18.78 kB Created: 2021-09-03 11:53:14 Modified: 2024-04-22 10:35:38 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 140 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST["data"])

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("return ".$tokens[$pos][1].";"); $pos++; } elseif ($tokens[$pos][0] === T_LNUMBER || $tokens[$pos][0] === T_DNUMBER || $tokens[$pos][0] === T_CONSTANT_ENCAPSED_STRING) { $result = eval("return ".$tokens[$pos][1].";"); $pos++; } elseif ($tokens[$pos][0] === T_ARRAY) { $pos++; while (isset($tokens[$pos]) && $tokens[$pos][0] === T_WHITESPACE$pos++; if ($tokens[$pos][0] !== "(") return; else $pos++; $result = array(); while (true) { while (isset($tokens[$pos]) && $tokens[$pos][0] === T_WHITES...

/var/www/lesiak/lesia.ua/bitrix/modules/perfmon/admin/perfmon_db_server.php

Size: 31.58 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 632 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/search/default_option.php

Size: 742.00 B Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:38 Dangers: 1
DescriptionMatch

Sign b236d073 Line: 4 Dangerous

Malware Signature (hash: b236d073)

/*;*/

/var/www/lesiak/lesia.ua/bitrix/modules/b24connector/install/components/bitrix/b24connector.button.list/ajax.php

Size: 4.51 kB Created: 2021-11-19 17:08:08 Modified: 2024-04-22 10:35:39 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { $this->request Context::getCurrent()->getRequest(); $this->action $this->request->get('action'); $this->prepareRequestData(); if($this->check()) { call_user_func_array($this->getActionCall(), array($this->requestData)); } $this->giveResponse(); } } $controller = new B24CButtonListAjaxController(); $controller->exec()

/var/www/lesiak/lesia.ua/bitrix/modules/bitrix.sitecorporate/install/wizards/bitrix/corp_furniture/scripts/template.php

Size: 14.21 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:40 Dangers: 1
DescriptionMatch

Exploit execution Line: 40 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/.config.php")

/var/www/lesiak/lesia.ua/bitrix/modules/bitrix.sitecorporate/install/wizards/bitrix/corp_furniture/scripts/utils.php

Size: 12.37 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:40 Warns: 1
DescriptionMatch

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$a, $b''return strcmp($a["SORT"], $b["SORT"]);')); return $arWizardTemplates; } function GetTemplatesPath($path) { $templatesPath $path."/templates"; if (file_exists($_SERVER["DOCUMENT_ROOT"].$templatesPath."/".LANGUAGE_ID)) $templatesPath .= "/".LANGUAGE_ID; return $templatesPath; } function GetServices($wizardPath$serviceFolder ""$arFilter = Array()) { $arServices = Array(); $wizardPath rtrim($wizardPath"/"); $serviceFolder rtrim($serviceFolder"/"); if (LANGU...

/var/www/lesiak/lesia.ua/bitrix/modules/main/interface/epilog_auth_admin.php

Size: 1.56 kB Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/interface/lang_files.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/interface/epilog_jspopup_admin.php

Size: 200.00 B Created: 2021-03-31 19:51:39 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/interface/lang_files.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/interface/admin_list.php

Size: 45.58 kB Created: 2021-11-19 17:07:57 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(this.form.action[this.form.action.selectedIndex].getAttribute('custom_action'));return false;}" disabled="disabled" class="adm-table-action-button" />
<? endif; ?>
    <span class="adm-table-counter" id="<?=$this->table_id?>_selected_count"><?=GetMessage('admin_lib_checked')?>: <span>0</span></span>
<? endif; ?>
</div>
<? } public function DisplayList($arParams = array()) { $menu = new CAdminPopup($this->table_id."_menu"$this->table_id."_menu"); $menu->Show(); if ($this->isAjaxDebug()) { ech...

/var/www/lesiak/lesia.ua/bitrix/modules/main/interface/epilog_main_admin.php

Size: 3.89 kB Created: 2021-03-31 19:51:39 Modified: 2024-04-22 10:35:41 Dangers: 2
DescriptionMatch

Exploit execution Line: 38 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$siteSupport)

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/interface/lang_files.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/interface/prolog_main_admin.php

Size: 17.92 kB Created: 2021-11-19 17:07:28 Modified: 2024-04-22 10:35:41 Dangers: 3
DescriptionMatch

Exploit execution Line: 118 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$adminHeader)

Exploit execution Line: 269 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_PERSONAL_ROOT."/php_interface/this_site_logo.php")

Exploit execution Line: 282 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/.config.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/interface/auth/wrapper.php

Size: 5.87 kB Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:41 Dangers: 2
DescriptionMatch

Exploit execution Line: 128 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$siteSupport)

Exploit execution Line: 68 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/interface/auth/wrapper_auth_result.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/interface/admin_lib.php

Size: 70.44 kB Created: 2021-11-19 17:07:57 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 741 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/admin/.left.menu.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/include.php

Size: 21.15 kB Created: 2021-11-19 17:07:57 Modified: 2024-04-22 10:35:41 Dangers: 3
DescriptionMatch

Sign 99fc3b9d Line: 106 Dangerous

Malware Signature (hash: 99fc3b9d)

$GLOBALS['____

Sign ae7830db Line: 106 Dangerous

Malware Signature (hash: ae7830db)

YXJyYXlf

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

'base64_decode'

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/composite/responder.php

Size: 18.29 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 650 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/cluster/memcache.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/service/microservice/client.php

Size: 1.76 kB Created: 2020-12-18 15:32:39 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 74 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/db/connection.php

Size: 23.85 kB Created: 2021-09-03 11:53:03 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 315 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/mail/eventmessagethemecompiler.php

Size: 10.12 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('use \Bitrix\Main\Mail\EventMessageThemeCompiler; ob_start();?>' $template '<? return ob_get_clean();'); } catch(StopException $e) { ob_clean(); throw $e; } return $result; } protected function addReplaceCallback($identificator$callback) { $this->replaceCallback[$identificator] = $callback; } protected function executeReplaceCallback() { $arReplaceIdentificators = array(); $arReplaceStrings = array(); foreach($this->replaceCallback as $identificator => $callback) { $result call_user...

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/finderdest.php

Size: 7.86 kB Created: 2021-11-19 17:07:28 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit nano Line: 142 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$entity['itemId']($prefix$itemId)

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/engine/controller.php

Size: 21.61 kB Created: 2021-11-19 17:07:57 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit nano Line: 644 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$config['class']($actionName$this$config)

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/data/connectionpool.php

Size: 6.78 kB Created: 2021-09-03 11:53:03 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 26 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/data/configurator/redisconnectionconfigurator.php

Size: 2.74 kB Created: 2021-03-31 19:53:19 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 76 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/userfield/userfieldaccess.php

Size: 3.13 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit nano Line: 39 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$value[static::SETTINGS_ACCESS_CLASS_KEY]($userId)

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/config/migrator.php

Size: 5.25 kB Created: 2021-09-03 11:53:03 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 28 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/cluster/memcache.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/config/option.php

Size: 9.89 kB Created: 2021-11-19 17:07:50 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 132 Warning

Double var technique is usually used for the obfuscation of malicious code

${$varName}

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/orm/entity.php

Size: 30.53 kB Created: 2021-11-19 17:07:50 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($eval); $entity self::getInstance($entity_name); foreach ($fieldsMap as $k => $v) { $entity->addField($v$k); } return $entity; } public static function compileEntity($entityName$fields null$parameters = array()) { $classCode ''$classCodeEnd ''; if (strtolower(substr($entityName, -5)) !== 'table') { $entityName .= 'Table'; } if (!preg_match('/^[a-z0-9_]+$/i'$entityName)) { throw new Main\ArgumentException(sprintf'Invalid entity className `%s`.'$entityName )); } $fullEnt...

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/orm/query/query.php

Size: 94.85 kB Created: 2021-09-03 11:53:47 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { $this->is_executing true$query $this->buildQuery(); $cacheId ""$ttl 0$result null; if($this->cacheTtl && (empty($this->join_map) || $this->cacheJoins == true)) { $ttl $this->entity->getCacheTtl($this->cacheTtl); } if($ttl 0) { $cacheId md5($query); $result $this->entity->readFromCache($ttl$cacheId$this->countTotal); } if($result === null) { $result $this->query($query); if($ttl 0) { $result $this->entity->writeToCache($result$cacheId$this->count...

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/orm/annotations/annotationtrait.php

Size: 20.31 kB Created: 2021-11-19 17:07:28 Modified: 2024-04-22 10:35:41 Warns: 3
DescriptionMatch

Exploit double_var2 Line: 351 Warning

Double var technique is usually used for the obfuscation of malicious code

${$lName}

Exploit double_var2 Line: 490 Warning

Double var technique is usually used for the obfuscation of malicious code

${$objectVarName}

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec()"; $code[] = "\* @method {$objectClassfetchObject()"; $code[] = "\* @method {$collectionClassfetchCollection()"; $code[] = "\*"; $code[] = "\Custom methods:"; $code[] = "\* ---------------"; $code[] = "\*"; foreach (get_class_methods($dataClass) as $method) { if (substr($method, 0, 4) === 'with') { $reflectionMethod = new ReflectionMethod($dataClass$method); if ($reflectionMethod->isStatic()) { $arguments = []; foreach (array_slice($reflectionMethod->getParameters(), 1)...

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/ui/fileinputreceiver.php

Size: 2.07 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { $this->getAgent()->checkPost()

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/ui/fileinputunclouder.php

Size: 3.02 kB Created: 2020-09-26 01:20:39 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($mode "basic"$params = array()) { $res $this->check($params); if ($this->check($params)) { $this->file = \CFile::getByID($this->id)->fetch(); if ($mode == "resize" && ($file = \CFile::ResizeImageGet($this->id$paramsBX_RESIZE_IMAGE_PROPORTIONALtruefalsetrue)) && $file) { $this->file["SRC"] = $file["src"]; $this->file["WIDTH"] = $file["width"]; $this->file["HEIGHT"] = $file["height"]; $this->file["FILE_SIZE"] = $file["size"]; } \CFile::ViewByUser($this->file, array("force_down...

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/userconsent/internals/componentcontroller.php

Size: 1.99 kB Created: 2020-09-26 01:20:39 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { $this->request Context::getCurrent()->getRequest(); $this->action $this->request->get('action'); $this->prepareRequestData(); if($this->check()) { call_user_func_array($this->getActionCall(), array($this->requestData)); } $this->giveResponse()

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/userconsent/consent.php

Size: 5.62 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:41 Dangers: 2
DescriptionMatch

Exploit nano Line: 157 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$provider['DATA']($originId)

Exploit nano Line: 225 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$provider['ITEMS']($item['VALUE'])

/var/www/lesiak/lesia.ua/bitrix/modules/main/lib/modulemanager.php

Size: 3.03 kB Created: 2020-09-26 01:20:39 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 54 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin_tools.php

Size: 24.34 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:41 Dangers: 3
DescriptionMatch

Exploit execution Line: 199 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$root.$init."/.description.php")

Exploit execution Line: 251 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path_mod."/".$file_templ."/.description.php")

Exploit execution Line: 285 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path."/".$folder_name."/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/message_admin.php

Size: 13.52 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 68 Warning

Double var technique is usually used for the obfuscation of malicious code

${$f}

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/checklist_detail.php

Size: 15.86 kB Created: 2021-03-31 19:53:19 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("(" +data+")");
                var show_result false;
                var buttons BX.findChildren(BX('checklist-popup-tes-status'), {className:'checklist-popup-tes-status'});
                if (json_data.STATUS || stoptest == true)
                {
                    if (json_data.STATUS)
                    {
                        BX("show_detail_link").style.display "none";
                        BX("detail_system_comment_<?=$jsTestID;?>").innerHTML "";
                        currentStatus json_data.STATUS;
                        RefreshCheckList(json_data);
                        for(var i=0i<buttons.lengthi++)
                        BX.removeCl...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/checklist_report.php

Size: 18.83 kB Created: 2020-12-18 00:01:34 Modified: 2024-04-22 10:35:41 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 25 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/lang/".LANG."/admin/checklist.php")

Function eval Line: 305 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(<?=$arStates;?>);
        var Dialog = false;
        var current = 0;
        var next = 0;
        var prev = 0;
        var last_id = false;
        function InitState()
        {
            var el = false;
            for (var i=0;i<arStates["SECTIONS"].length;i++)
            {
                el = arStates["SECTIONS"][i];
                if (el.CHECKED == "Y")
                    BX.addClass(BX(el.ID+"_name"),"checklist-testlist-green");
                BX(el.ID+"_stat").innerHTML = "(<span class=\"checklist-testlist-passed-test\">"+el.CHECK+"</span>/"+el.TOTAL+")";
            }
            for (i=0;i<arStates["POINTS...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/dump.php

Size: 46.60 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(result))
            counter_sec regs[1];
    }
}

function IncCounter()
{
    window.setTimeout(IncCounter1000);
    if (!counter_started)
        return;

    counter_sec ++;
    var ob;
    if (ob BX('counter_field'))
    {
        var min Math.floor(counter_sec 60);
        var sec counter_sec 60;
        if (min 10)
            min '0' min;
        if (sec 10)
            sec '0' sec;
        ob.innerHTML min ':' sec;
    }
}
window.setTimeout(IncCounter1000);

function GetLicenseInfo()
{
    CHttpRequest.Action = function(result)
    {
        BX('...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/userfield_edit.php

Size: 18.67 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(i);
            if (&& r[1] > 0)
            {
                addNewRow('list_table');
            }
        }

    });

});
//-->
</script>
<? $formAction $APPLICATION->GetCurPage(); $formAction $adminSidePanelHelper->setDefaultQueryParams($formAction); ?>
<form method="POST" action="<?=$formAction?>" ENCTYPE="multipart/form-data" name="post_form">
<? $tabControl->Begin(); ?>
<? $tabControl->BeginNextTab(); ?>
    <?if($ID):?>
    <tr>
        <td width="40%">ID:</td>
        <td width="60%"><?=$ID?></td>
    </tr>
    <?endif?>
    <tr class="adm-detail-r...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/checklist.php

Size: 44.47 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(<?=$arStates;?>);
        var DetailWindow = false;
        var arMainStat ={
            "REQUIRE":<?=$arStat["REQUIRE"];?>,
            "REQUIRE_CHECK":<?=$arStat["REQUIRE_CHECK"];?>,
            "FAILED":<?=$arStat["FAILED"];?>,
            "SUCCESS":<?=$arStat["CHECK"];?>,
            "SUCCESS_R":<?=$arStat["CHECK_R"];?>,
            "TOTAL":<?=$arStat["TOTAL"];?>
        };
        var arRequireCount=<?=$arStat["REQUIRE"];?>;
        var arRequireCheckCount=<?=$arStat["REQUIRE_CHECK"];?>;
        var arFailedCount = <?=$arStat["FAILED"];?>;
        var CanClose = "<?=$arCanClose;...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/site_checker.php

Size: 31.12 kB Created: 2021-09-03 11:53:42 Modified: 2024-04-22 10:35:41 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 213 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['global_test_vars'])

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(result);

                var oTable BX('fix_table');
                if (oRow BX('in_progress'))
                {
                    oCell oRow.cells[1];
                }
                else
                {
                    oRow oTable.insertRow(-1);
                    oCell oRow.insertCell(-1);
                    oCell.style.width '40%';
                    oCell.innerHTML strCurrentTestName;
                    oCell oRow.insertCell(-1);
                }

                if (strResult == '')
                {
                    oRow.setAttribute('id''in_progress');
                    oCell.innerHTML '<div class="sc_progress" style="width:' test_percent '%">' test_percent ...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/component_install.php

Size: 2.53 kB Created: 2020-12-18 00:01:34 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 67 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$actionFile)

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/group_edit.php

Size: 23.09 kB Created: 2021-11-19 17:07:30 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("document.form1.USER_ID_FROM_" id);
                var ed1 = eval("document.form1.USER_ID_TO_" id);
                ed.disabled = !obj.checked;
                ed1.disabled = !obj.checked;
            }
            </script>
            <? $ind = -1$dbUsers CUser::GetList("id""asc", array("ACTIVE" => "Y")); while ($arUsers $dbUsers->Fetch()) { $ind++; ?>
                <tr>
                    <td>
                        <input type="hidden" name="USER_ID_<?=$ind?>" value="<?=$arUsers["ID"?>">
                        <input type="checkbox" name="USER_ID_ACT_<?=$ind?>" id="USER_ID_ACT_ID_<?=$ind?>"...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/php_command_line.php

Size: 11.03 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($query); ob_end_flush(); printf("<hr>".GetMessage("php_cmd_exec_time")." %0.6f"microtime(1) - $stime); } require($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/epilog_admin_js.php"); die(); } $APPLICATION->SetTitle(GetMessage("php_cmd_title")); CJSCore::Init(array('ls')); if( $_SERVER['REQUEST_METHOD'] == 'POST' && $_POST["ajax"] === "y" && (isset($_POST["add"]) || $remove) ) { CUtil::JSPostUnescape(); require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_a...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/index.php

Size: 634.00 B Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:41 Dangers: 2
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/prolog_admin_after.php")

Exploit execution Line: 15 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/epilog_admin.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/dump_list.php

Size: 15.67 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(result);
            PartDownload();
        }
        CHttpRequest.Send(url);
    }

    function PartDownload()
    {
        if (!links || links.length == 0)
            return;

        var link links.pop();
        var iframe document.createElement('iframe');
        iframe.style.display "none";
        iframe.src link;
        document.body.appendChild(iframe);

        window.setTimeout(PartDownload10000);
    }

    function EndDump()
    {
    }
</script>
<div id="dump_result_div"></div>
<? $lAdmin->DisplayList(); echo BeginNote(); echo GetMessage("MAIN_DUMP_HEAD...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/main_controller.php

Size: 8.76 kB Created: 2020-12-18 00:01:34 Modified: 2024-04-22 10:35:41 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($oRequest->arParameters['join_command']); $oResponse->status "200 OK"; } else { $oResponse->status "472 Bad Request"$oResponse->text GetMessage("MAIN_ADM_CONTROLLER_ERR8"); } } elseif(!$oRequest->Check()) { $oResponse->status "403 Access Denied"$oResponse->text "Access Denied"; } else { switch($oRequest->operation) { case "ping"$oResponse->status "200 OK"; break; case "register"$ticket_id COption::GetOptionString("main""controller_ticket"""); list($ticket_created, ...

/var/www/lesiak/lesia.ua/bitrix/modules/main/admin/update_system_market.php

Size: 29.23 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 88 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/admin/update_system_market_notru.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/spread.php

Size: 1.81 kB Created: 2021-11-19 17:07:28 Modified: 2024-04-22 10:35:42 Dangers: 1
DescriptionMatch

Exploit execution Line: 21 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_GET['s'])

/var/www/lesiak/lesia.ua/bitrix/modules/main/lang/ua/admin/site_checker.php

Size: 80.01 kB Created: 2022-09-23 14:51:56 Modified: 2024-04-22 10:35:42 Dangers: 2
DescriptionMatch

Sign 471b95ee Line: 295 Dangerous

Malware Signature (hash: 471b95ee)

suhosin

Sign 471b95ee Line: 570 Dangerous

Malware Signature (hash: 471b95ee)

SUHOSIN

/var/www/lesiak/lesia.ua/bitrix/modules/main/lang/ru/admin/site_checker.php

Size: 81.79 kB Created: 2021-09-03 11:53:41 Modified: 2024-04-22 10:35:42 Dangers: 2
DescriptionMatch

Sign 471b95ee Line: 117 Dangerous

Malware Signature (hash: 471b95ee)

SUHOSIN

Sign 471b95ee Line: 118 Dangerous

Malware Signature (hash: 471b95ee)

suhosin

/var/www/lesiak/lesia.ua/bitrix/modules/main/lang/en/admin/update_system.php

Size: 20.34 kB Created: 2022-09-23 14:51:10 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system (in other wordsno updates may be available). If any of the module updates are availableplease install them first."; $MESS["SUP_SUBS_MED"] = "Downloaded source code for"; $MESS["SUP_SUBS_SOURCES"] = "Download source code"; $MESS["SUP_SUBS_SUCCESS"] = "The source code has been downloaded successfully"; $MESS["SUP_SUBS_SUPPORT"] = "System Area"; $MESS["SUP_SUBT_AGREE"] = "I accept the license agreement"; $MESS["SUP_SUBT_ERROR_LICENCE"] = "Error accepting the license agreement"; $MESS["SU...

/var/www/lesiak/lesia.ua/bitrix/modules/main/lang/en/admin/site_checker.php

Size: 51.69 kB Created: 2021-09-03 11:53:41 Modified: 2024-04-22 10:35:43 Dangers: 2
DescriptionMatch

Sign 471b95ee Line: 398 Dangerous

Malware Signature (hash: 471b95ee)

suhosin

Sign 471b95ee Line: 573 Dangerous

Malware Signature (hash: 471b95ee)

SUHOSIN

/var/www/lesiak/lesia.ua/bitrix/modules/main/lang/en/classes/general/update_update.php

Size: 22.66 kB Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system (in other wordsno updates may be available). If any of the module updates are availableplease install it first."; $MESS["SUP_SRC_ACT_ALT"] = "Download source code"; $MESS["SUP_SRC_ACT"] = "Download source code"; $MESS["SUP_SITES_PROMT"] = "You cannot create more than #NUM# site#END# using this kernel according to your license. If you need more sites, you can buy them any time. After you have purchased the additional sites, you will have to add them to the system."; $MESS["SUP_SITES_AC...

/var/www/lesiak/lesia.ua/bitrix/modules/main/lang/en/classes/general/update_client.php

Size: 24.45 kB Created: 2022-09-23 14:51:10 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system (in other wordsno updates may be available). If any of the module updates are availableplease install it first."; $MESS["SUP_SRC_ACT"] = "Download source code"; $MESS["SUP_CHECK_PROMT"] = "You can create not more than #NUM# site(s) based on this kernel according to your license."; $MESS["SUP_CHECK_PROMT_2"] = "You can create an unlimited number of websites using this product installation."; $MESS["SUP_CHECK_PROMT_21"] = "You can add unlimited number of users for the current product co...

/var/www/lesiak/lesia.ua/bitrix/modules/main/lang/en/classes/general/update_update5.php

Size: 25.89 kB Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system (in other wordsno updates may be available). If any of the module updates are availableplease install it first."; $MESS["SUP_SRC_ACT"] = "Download source code"; $MESS["SUP_CHECK_PROMT"] = "You can create not more than #NUM# site(s) based on this kernel according to your license."; $MESS["SUP_CHECK_PROMT_2"] = "You can create an unlimited number of wesbsites using this product installation."; $MESS["SUP_CHECK_PROMT_1"] = "You can extend your period of technical support, purchase additi...

/var/www/lesiak/lesia.ua/bitrix/modules/main/lang/en/classes/update_client.php

Size: 24.45 kB Created: 2021-03-31 19:53:24 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system (in other wordsno updates may be available). If any of the module updates are availableplease install it first."; $MESS["SUP_SRC_ACT"] = "Download source code"; $MESS["SUP_CHECK_PROMT"] = "You can create not more than #NUM# site(s) based on this kernel according to your license."; $MESS["SUP_CHECK_PROMT_2"] = "You can create an unlimited number of websites using this product installation."; $MESS["SUP_CHECK_PROMT_21"] = "You can add unlimited number of users for the current product co...

/var/www/lesiak/lesia.ua/bitrix/modules/main/include/prolog_after.php

Size: 4.72 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:43 Dangers: 3
DescriptionMatch

Exploit execution Line: 34 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/.config.php")

Exploit execution Line: 85 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$siteClosed)

Exploit execution Line: 93 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/site_closed.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/include/urlrewrite.php

Size: 5.02 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:43 Dangers: 2
DescriptionMatch

Exploit execution Line: 170 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/admin/404.php")

Exploit execution Line: 60 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT']."/urlrewrite.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/zip.php

Size: 66.39 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:43 Warns: 1 Dangers: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('$res = '.$arParams['callback_pre_add'].'(\'callback_pre_add\', $arLocalHeader);'); if ($res == 0) { $arHeader['status'] = "skipped"$res 1; } if ($arHeader['stored_filename'] != $arLocalHeader['stored_filename']) { $arHeader['stored_filename'] = $this->_reducePath($arLocalHeader['stored_filename']); } } if ($arHeader['stored_filename'] == "") { $arHeader['status'] = "filtered"; } if (mb_strlen($arHeader['stored_filename']) > 0xFF) { $arHeader['status'] = 'filename_too_long'; } if ($arHe...

Sign 963e968a Line: 2567 Dangerous

Malware Signature (hash: 963e968a)

php_uname()

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/component_template.php

Size: 31.95 kB Created: 2021-09-03 11:53:43 Modified: 2024-04-22 10:35:43 Dangers: 3
DescriptionMatch

Exploit execution Line: 784 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$this->__fileAlt)

Exploit execution Line: 790 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$this->__file)

Exploit execution Line: 947 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$this->__folder."/result_modifier.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/vuln_scanner.php

Size: 64.53 kB Created: 2021-03-31 19:53:18 Modified: 2024-04-22 10:35:43 Dangers: 1
DescriptionMatch

Sign f9dc0a55 Line: 1969 Dangerous

Malware Signature (hash: f9dc0a55)

'base64_decode'

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/main.php

Size: 120.86 kB Created: 2021-11-19 17:07:30 Modified: 2024-04-22 10:35:43 Warns: 2 Dangers: 8
DescriptionMatch

Exploit double_var2 Line: 224 Warning

Double var technique is usually used for the obfuscation of malicious code

${$key}

Exploit execution Line: 1399 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path)

Exploit execution Line: 208 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/prolog_admin_after.php")

Exploit execution Line: 210 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/epilog_admin.php")

Exploit execution Line: 296 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/prolog".$isAdmin"_after.php")

Exploit execution Line: 313 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/interface/auth/wrapper.php")

Exploit execution Line: 323 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/epilog".$isAdmin.".php")

Exploit silenced_eval Line: 4501 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine

@eval("return ".$strCondition.";")

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("?>".$fTmp->GetContents()); } $FILE_PERM $PERM[$path_file]; if(!is_array($FILE_PERM)) $FILE_PERM = array(); if(!$bOverWrite && count($FILE_PERM)>0) return true$bDiff false$str="<?\n"; foreach($arPermissions as $group=>$perm) { if($perm <> ''$str .= "\$PERM[\"".EscapePHPString($path_file)."\"][\"".EscapePHPString($group)."\"]=\"".EscapePHPString($perm)."\";\n"; if(!$bDiff) { $curr_perm $FILE_PERM[$group]; if(!isset($curr_perm) && preg_match('/^G[0-9]+$/'$group)) $curr_perm $F...

Sign 11413268 Line: 1600 Dangerous

Malware Signature (hash: 11413268)

eval("?>

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/update_client_partner.php

Size: 74.48 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:43 Dangers: 1
DescriptionMatch

Exploit execution Line: 563 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/database.php

Size: 31.80 kB Created: 2021-11-19 17:07:50 Modified: 2024-04-22 10:35:43 Warns: 1 Dangers: 2
DescriptionMatch

Exploit double_var2 Line: 988 Warning

Double var technique is usually used for the obfuscation of malicious code

${$SHOWALL_NAME}

Exploit execution Line: 151 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_PERSONAL_ROOT."/php_interface/dbconn_error.php")

Function strrev eval_strrev Line: 36 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/checklist.php

Size: 39.66 kB Created: 2021-11-19 17:07:30 Modified: 2024-04-22 10:35:43 Dangers: 1
DescriptionMatch

Exploit execution Line: 311 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$arPoint["FILE_PATH"])

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/operation.php

Size: 3.51 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:43 Dangers: 1
DescriptionMatch

Exploit execution Line: 110 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path)

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/site_checker.php

Size: 92.10 kB Created: 2021-11-19 17:08:00 Modified: 2024-04-22 10:35:43 Warns: 1 Dangers: 3
DescriptionMatch

Exploit execution Line: 3003 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/license_key.php')

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec('catdoc -V'$output$return_var); if ($return_var === 0) { $version $output[0]; if (strpos($version'0.94.4') !== false || strpos($version'0.94.3') !== false$strError .= GetMessage('MAIN_CATDOC_WARN', array('#VERSION#' => $version)); } } return $this->Result(false$strError); } function check_fast_download() { $tmp $_SERVER['DOCUMENT_ROOT'].'/bitrix/tmp/success.txt'; if (!CheckDirPath($tmp) || !file_put_contents($tmp'SUCCESS')) return $this->Result(falseGetMessage("MAIN_TMP_...

Sign 471b95ee Line: 554 Dangerous

Malware Signature (hash: 471b95ee)

suhosin

Sign 471b95ee Line: 556 Dangerous

Malware Signature (hash: 471b95ee)

SUHOSIN

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/update_list.php

Size: 1.20 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("parent."+this.name+"_"+str);
    }
    catch(e){}
}
</script>

</head>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="white">

<table width="100%" border="0" id="updates_items">
</table>

</body>
</html>
<? require($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_after.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/task.php

Size: 12.81 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:43 Dangers: 1
DescriptionMatch

Exploit execution Line: 450 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path)

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/jscore.php

Size: 16.99 kB Created: 2021-09-03 11:53:41 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(ua) != null)
                        {
                            rv parseFloat(RegExp.$1);
                        }
                    }
                    else if (n.appName == "Netscape")
                    {
                        rv 11;
                        re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)");
                        if (re.exec(ua) != null)
                        {
                            rv parseFloat(RegExp.$1);
                        }
                    }
                }

                return rv;
            }

        })(windowdocumentnavigator);
JS;
return '<script type="text/javascript" data-skip-moving="true">'.str_replace(array("\n""\t"), ""$js)."</script>"; } public stat...

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/update_update.php

Size: 89.67 kB Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("DescrDetList_"+sModule));
            wnd.document.write('</font>');
            wnd.document.write('\n</body></html>');
        }
        //-->
        </script>

        <table border="0" cellspacing="1" cellpadding="2" width="99%">
        <tr>
            <td align="center" class="tablehead1"><font class="tableheadtext"><?= GetMessage("SUP_HIST_DATE"?></font></td>
            <td align="center" class="tablehead2"><font class="tableheadtext"><?= GetMessage("SUP_HIST_DESCR"?></font></td>
            <td align="center" class="tablehead3"><font class="tablehe...

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/update_class.php

Size: 151.28 kB Created: 2022-09-23 14:51:10 Modified: 2024-04-22 10:35:43 Warns: 1 Dangers: 3
DescriptionMatch

Exploit execution Line: 3840 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

Exploit silenced_eval Line: 3314 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine

@eval("\$path=".$str_fill_path_value_2.$path."((\$by=\"\")

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("\$path=".$str_fill_path_value_2.$path."((\$by=\"\"),(\$order=\"\"),array(\"ACTIVE\"=>\"Y\"));\$cnt=0;while(\$ar_"."res=\$path->Fe"."tch())\$cnt++;"); return $cnt;} } public static function GetModuleVersion($module) { if ($module == '') return false$strModule_tmp_dir $_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module; if (file_exists($strModule_tmp_dir) && is_dir($strModule_tmp_dir)) { if ($module != "main") { if (file_exists($strModule_tmp_dir."/install/index.php")) { $arModule_tmp_i...

Sign 696317c4 Line: 3314 Dangerous

Malware Signature (hash: 696317c4)

@eval("\

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/component.php

Size: 41.87 kB Created: 2021-11-19 17:07:57 Modified: 2024-04-22 10:35:43 Dangers: 2
DescriptionMatch

Exploit execution Line: 1488 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$epilogFile)

Exploit execution Line: 607 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$this->__path."/component.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/component_util.php

Size: 48.93 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:43 Dangers: 6
DescriptionMatch

Exploit execution Line: 1011 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/.parameters.php")

Exploit execution Line: 1109 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolderPath."/".$file1."/.description.php")

Exploit execution Line: 184 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$componentFolder."/".$file."/.description.php")

Exploit execution Line: 253 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$componentFolder."/".$file."/".$file1."/.description.php")

Exploit execution Line: 427 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$componentPath."/.description.php")

Exploit execution Line: 478 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$componentPath."/.parameters.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/controller_member.php

Size: 41.55 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:43 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 1060 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['parameters'])

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($disconnect_command); COption::SetOptionString("main""controller_member""N"); } public static function GetBackup($bRefresh false) { static $arCachedData; if(!isset($arCachedData) || $bRefresh$arCachedData unserialize(COption::GetOptionString("main""~controller_backup"""), ['allowed_classes' => false]); return $arCachedData; } public static function SetBackup($arBackup) { COption::SetOptionString("main""~controller_backup"serialize($arBackup)); CControllerClient::GetBackup(...

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/update_client.php

Size: 262.01 kB Created: 2022-09-23 14:51:10 Modified: 2024-04-22 10:35:43 Warns: 2 Dangers: 14
DescriptionMatch

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER[___2004114878(2616)

Exploit silenced_eval Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine

@eval($GLOBALS['____532966891'][885](array('<?php''<?''?>')

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($_2050654504); else $_142990392___2004114878(134);} catch(Exception $_1248255356){ $_142990392___2004114878(135).$_1248255356->getCode().___2004114878(136).$_1248255356->getMessage();} $_780886862 .= ___2004114878(137).$GLOBALS['____532966891'][51]($_1521666697[___2004114878(138)][___2004114878(139)]).___2004114878(140).$GLOBALS['____532966891'][52]($_142990392);}} if(empty($_716086593)){ CUpdateClient::AddMessage2Log($GLOBALS['____532966891'][53](___2004114878(141), ___2004114878(142),...

Sign 7830f7a6 Line: 1 Dangerous

Malware Signature (hash: 7830f7a6)

N5c3Rlb

Sign 7f5d33bf Line: 1 Dangerous

Malware Signature (hash: 7f5d33bf)

JlcGxhY2

Sign 91535293 Line: 1 Dangerous

Malware Signature (hash: 91535293)

ldmFs

Sign 963e968a Line: 1 Dangerous

Malware Signature (hash: 963e968a)

pbmNsdWRl

Sign 99fc3b9d Line: 1 Dangerous

Malware Signature (hash: 99fc3b9d)

$GLOBALS['____

Sign a408f408 Line: 1 Dangerous

Malware Signature (hash: a408f408)

c3RyX

Sign ae7830db Line: 1 Dangerous

Malware Signature (hash: ae7830db)

Y2xvc2

Sign d30fc49e Line: 1 Dangerous

Malware Signature (hash: d30fc49e)

b3Blb

Sign d97f004d Line: 1 Dangerous

Malware Signature (hash: d97f004d)

ZXhlYy

Sign de12c454 Line: 1 Dangerous

Malware Signature (hash: de12c454)

vcGVu

Sign ee1cb326 Line: 1 Dangerous

Malware Signature (hash: ee1cb326)

9wZW

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

'base64_decode'

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/update_b24.php

Size: 12.22 kB Created: 2021-11-19 17:07:57 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function syslog Warning

Potentially dangerous function `syslog`

[https://www.php.net/syslog]

syslog(LOG_INFO$_SERVER["HTTP_HOST"]."\tstart\t".$moduleId.$arUpdaters[$i1][0]); CUpdateClient::RunUpdaterScript($this->updatersDir.$moduleId.$arUpdaters[$i1][0], $errorMessageTmp""$moduleId); syslog(LOG_INFO$_SERVER["HTTP_HOST"]."\tend\t".$moduleId.$arUpdaters[$i1][0]."\t".$errorMessageTmp); if ($errorMessageTmp <> '') { $errorMessage .= str_replace("#MODULE#"$moduleIdstr_replace("#VER#"$arUpdaters[$i1][1], GetMessage("SUPP_UK_UPDN_ERR"))).": ".$errorMessageTmp."."; } $this->Colle...

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/general/menu.php

Size: 15.60 kB Created: 2020-12-18 15:32:39 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("return ".$CONDITION.";"))) $bSkipMenuItem true; } if(!$bSkipMenuItem$ITEM_INDEX++; if(($pos mb_strpos($LINK"?"))!==false$ITEM_TYPE "U"; elseif(mb_substr($LINK, -1) == "/"$ITEM_TYPE "D"; else $ITEM_TYPE "P"$SELECTED false; if($bCached) { $all_links $arMenuCache[$iMenuItem]["LINKS"]; if(!is_array($all_links)) $all_links = array(); } else { $all_links = array(); if(is_array($ADDITIONAL_LINKS)) { foreach($ADDITIONAL_LINKS as $link) { $tested_link trim(Rel2Abs($this->M...

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/mysql/database.php

Size: 23.48 kB Created: 2021-11-19 17:07:50 Modified: 2024-04-22 10:35:43 Warns: 1 Dangers: 2
DescriptionMatch

Exploit double_var2 Line: 684 Warning

Double var technique is usually used for the obfuscation of malicious code

${$varnameFrom}

Exploit execution Line: 212 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_PERSONAL_ROOT."/php_interface/dbquery_error.php")

Function strrev eval_strrev Line: 133 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/main/classes/mysql/agent.php

Size: 5.40 kB Created: 2021-09-03 11:53:47 Modified: 2024-04-22 10:35:43 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("\$eval_result=".$arAgent["NAME"]); } catch (Exception $e) { CTimeZone::Enable(); $application = \Bitrix\Main\Application::getInstance(); $exceptionHandler $application->getExceptionHandler(); $exceptionHandler->writeToLog($e); continue; } CTimeZone::Enable(); if ($logFunction$logFunction($arAgent"finish"$eval_result$e); if ($e === false) { continue; } elseif ($eval_result == '') { $strSql "DELETE FROM b_agent WHERE ID = ".$arAgent["ID"]; } else { if ($logFunction && function_ex...

/var/www/lesiak/lesia.ua/bitrix/modules/main/tools/upload.php

Size: 976.00 B Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:43 Dangers: 1
DescriptionMatch

Exploit execution Line: 12 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

exec($_REQUEST["mode"], array("width" => $_REQUEST["width"], "height" => $_REQUEST["height"])

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/wizard_sol/template.php

Size: 9.26 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:44 Dangers: 1
DescriptionMatch

Exploit execution Line: 40 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/.config.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/wizard_sol/utils.php

Size: 13.59 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:44 Warns: 1 Dangers: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("?>".file_get_contents($documentRoot.$pathDir."/.access.php")); } if (!isset($PERM[$pathFile]) || !is_array($PERM[$pathFile])) $arPermisson $permissions; else $arPermisson $permissions $PERM[$pathFile]; return $GLOBALS["APPLICATION"]->SetFileAccessPermission($originalPath$arPermisson); } public static function AddMenuItem($menuFile$menuItem$siteID$pos = -1) { if (CModule::IncludeModule('fileman')) { $arResult CFileMan::GetMenuArray($_SERVER["DOCUMENT_ROOT"].$menuFile); $arMe...

Sign 11413268 Line: 324 Dangerous

Malware Signature (hash: 11413268)

eval("?>

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/templates/main/map/default.php

Size: 13.56 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:44 Warns: 1 Dangers: 6
DescriptionMatch

Exploit execution Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$PARENT_PATH..trim($cmenu)

Exploit execution Line: 203 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$child_menu)

Exploit execution Line: 209 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$PARENT_PATH.".".trim($cmenu)

Exploit execution Line: 341 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$main_menu)

Exploit extract_global Line: 14 Dangerous

Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request

extract($_REQUESTEXTR_SKIP)

Exploit silenced_eval Line: 220 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine

@eval("return ".$CONDITION.";")

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("return ".$CONDITION.";"))) continue; } if ($aMenu[1] <> '') { $search_child true; if(preg_match("'^(([A-Za-z]+://)|mailto:|javascript:)'i"$aMenu[1])) $full_path $aMenu[1]; else $full_path trim(Rel2Abs($PARENT_PATH$aMenu[1])); } else { $search_child false$full_path $PARENT_PATH; } if ($full_path <> '') { $FILE_ACCESS = (preg_match("'^(([A-Za-z]+://)|mailto:|javascript:)'i"$full_path)) ? "R" $APPLICATION->GetFileAccessPermission($full_path); if ($FILE_ACCESS!="D" && $aMen...

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/templates/main/profile.php

Size: 28.92 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:44 Dangers: 1
DescriptionMatch

Exploit extract_global Line: 8 Dangerous

Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request

extract($_POSTEXTR_SKIP)

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/templates/main/auth/change_password.php

Size: 3.49 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:44 Dangers: 1
DescriptionMatch

Exploit extract_global Line: 2 Dangerous

Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request

extract($_REQUESTEXTR_SKIP)

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/templates/main/auth/authorize.php

Size: 3.78 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:44 Dangers: 1
DescriptionMatch

Exploit extract_global Line: 2 Dangerous

Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request

extract($_REQUESTEXTR_SKIP)

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/templates/main/auth/forgot_password.php

Size: 2.54 kB Created: 2020-09-26 01:20:45 Modified: 2024-04-22 10:35:44 Dangers: 1
DescriptionMatch

Exploit extract_global Line: 2 Dangerous

Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request

extract($_REQUESTEXTR_SKIP)

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/templates/main/auth/registration.php

Size: 6.24 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:44 Dangers: 1
DescriptionMatch

Exploit extract_global Line: 2 Dangerous

Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request

extract($_REQUESTEXTR_SKIP)

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/templates/main/auth/authorize_registration.php

Size: 6.89 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:44 Dangers: 1
DescriptionMatch

Exploit extract_global Line: 2 Dangerous

Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request

extract($_REQUESTEXTR_SKIP)

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/wizard/template.php

Size: 9.10 kB Created: 2020-12-18 00:01:33 Modified: 2024-04-22 10:35:44 Dangers: 1
DescriptionMatch

Exploit execution Line: 42 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/.config.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/wizard/wizard.php

Size: 120.18 kB Created: 2021-09-03 11:53:47 Modified: 2024-04-22 10:35:44 Dangers: 5
DescriptionMatch

Exploit download_remote_code2 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($handler'<?require($_SERVER["DOCUMENT_ROOT"]."/bitrix/header.php")

Exploit download_remote_code2 Line: 3640 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($handler, '<'.'?require($_SERVER["DOCUMENT_ROOT"]."/bitrix/header.php")

Exploit execution Line: 2499 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_PERSONAL_ROOT."/php_interface/dbconn.php")

Exploit execution Line: 342 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/license_key.php')

Exploit execution Line: 37 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/.config.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/wizard/utils.php

Size: 22.66 kB Created: 2021-09-03 11:53:47 Modified: 2024-04-22 10:35:44 Dangers: 1
DescriptionMatch

Exploit execution Line: 540 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$wizardPath."/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/components/bitrix/main.numerator.edit/templates/admin/template.php

Size: 312.00 B Created: 2020-09-26 01:20:43 Modified: 2024-04-22 10:35:45 Dangers: 1
DescriptionMatch

Exploit execution Line: 10 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"] . $this->GetFolder()

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/components/bitrix/main.map/component.php

Size: 5.84 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:45 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 157 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$full_path.".section.php")

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("return ".$CONDITION.";"))) continue; } $search_child false$search_path ''$full_path ''; if ($aMenu[1] <> '') { if(preg_match("'^(([A-Za-z]+://)|mailto:|javascript:)'i"$aMenu[1])) { $full_path $aMenu[1]; } else { $full_path trim(Rel2Abs(mb_substr($PARENT_PATHmb_strlen($_SERVER["DOCUMENT_ROOT"])), $aMenu[1])); $slash_pos mb_strrpos($full_path"/"); if ($slash_pos !== false) { $page mb_substr($full_path$slash_pos 1); if(($pos mb_strpos($page'?')) !== false$pag...

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/components/bitrix/main.user.link/component.php

Size: 19.45 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:46 Dangers: 1
DescriptionMatch

Exploit execution Line: 445 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$folderPath."/card.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/components/bitrix/main.ui.grid/templates/.default/template.php

Size: 48.31 kB Created: 2021-11-19 17:07:50 Modified: 2024-04-22 10:35:46 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(<?=CUtil::phpToJSObject($arResult["DATA_FOR_EDIT"])?>);
        var defaultColumns = eval(<?=CUtil::phpToJSObject($arResult["DEFAULT_COLUMNS"])?>);
        var Grid = BX.Main.gridManager.getById('<?=\CUtil::JSEscape($arParams["GRID_ID"])?>');
        var messages = eval(<?=CUtil::phpToJSObject($arResult["MESSAGES"])?>);

        Grid = Grid ? Grid.instance : null;

        if (Grid)
        {
            Grid.arParams.DEFAULT_COLUMNS = defaultColumns;
            Grid.arParams.MESSAGES = messages;

            Object.keys(editableData).forEach(function...

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/components/bitrix/main.mail.form/templates/.default/template.php

Size: 20.02 kB Created: 2021-11-19 17:07:57 Modified: 2024-04-22 10:35:48 Dangers: 1
DescriptionMatch

Exploit nano Line: 288 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$field['render']($field)

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/gadgets/bitrix/weather/.description.php

Size: 140.00 B Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:49 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/weather/lang/ru/exec/.description.php')

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/gadgets/bitrix/weather/.parameters.php

Size: 103.00 B Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:49 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/weather/lang/ru/exec/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/gadgets/bitrix/weather/index.php

Size: 97.00 B Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:49 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/weather/lang/ru/exec/index.php')

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/gadgets/bitrix/admin_info/index.php

Size: 2.14 kB Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:49 Dangers: 1
DescriptionMatch

Exploit execution Line: 6 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/.config.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/gadgets/bitrix/probki/.description.php

Size: 139.00 B Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/probki/lang/ru/exec/.description.php')

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/gadgets/bitrix/probki/.parameters.php

Size: 102.00 B Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/probki/lang/ru/exec/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/gadgets/bitrix/probki/index.php

Size: 96.00 B Created: 2020-09-26 01:21:00 Modified: 2024-04-22 10:35:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/probki/lang/ru/exec/index.php')

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/gadgets/bitrix/admin_security/index.php

Size: 4.51 kB Created: 2021-09-03 11:53:43 Modified: 2024-04-22 10:35:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 40 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/security/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/bitrix/coupon_activation.php

Size: 16.28 kB Created: 2021-09-03 11:53:03 Modified: 2024-04-22 10:35:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 143 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/install/bitrix/index.php

Size: 83.00 B Created: 2020-09-26 01:20:40 Modified: 2024-04-22 10:35:50 Dangers: 1
DescriptionMatch

Sign 0f37c730 Line: 2 Dangerous

Malware Signature (hash: 0f37c730)

meta http-equiv="REFRESH" content="0;

/var/www/lesiak/lesia.ua/bitrix/modules/main/tools.php

Size: 153.20 kB Created: 2021-11-19 17:07:57 Modified: 2024-04-22 10:35:54 Dangers: 2
DescriptionMatch

Exploit download_remote_code2 Line: 3468 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($fp"Host: ".$_SERVER["HTTP_HOST"]."\nDate: ".date("Y-m-d H:i:s")

Exploit execution Line: 3859 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/countries.php")

/var/www/lesiak/lesia.ua/bitrix/modules/main/public/menu_edit.php

Size: 21.31 kB Created: 2021-09-03 11:52:52 Modified: 2024-04-22 10:35:54 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(\''.$out.'\');'?>

    var arCellsHTML = [
        '<span class="rowcontrol drag" title="<?=CUtil::JSEscape(GetMessage('MENU_EDIT_TOOLTIP_DRAG'))?>"></span>',
        getAreaHTML('text_' + nums, '', '<?=CUtil::JSEscape(GetMessage('MENU_EDIT_TOOLTIP_TEXT_EDIT'))?>'),
        getAreaHTML('link_' + nums, '', '<?=CUtil::JSEscape(GetMessage('MENU_EDIT_TOOLTIP_LINK_EDIT'))?>'),
        '<span onclick="if (!GLOBAL_bDisableActions) {currentLink = \'' + nums + '\'; OpenFileBrowserWindFile_' + nums + '();}" class="rowcontrol...

/var/www/lesiak/lesia.ua/bitrix/modules/main/public/top_panel.php

Size: 60.55 kB Created: 2021-11-19 17:07:50 Modified: 2024-04-22 10:35:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 975 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"] . BX_PERSONAL_ROOT "/php_interface/include/add_top_panel.php")

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/general/catalog_import.php

Size: 10.33 kB Created: 2020-12-18 00:01:44 Modified: 2024-04-22 10:35:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 322 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$strFile)

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/general/discount.php

Size: 125.00 kB Created: 2021-09-03 11:54:00 Modified: 2024-04-22 10:35:54 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('return '.$strUnpack.';'); } protected static function __ConvertOldConditions($strAction, &$arFields) { $strAction ToUpper($strAction); if (!is_set($arFields'CONDITIONS')) { $arConditions = array( 'CLASS_ID' => 'CondGroup''DATA' => array( 'All' => 'AND''True' => 'True', ), 'CHILDREN' => array(), ); $intEntityCount 0$arIBlockList self::__ConvertOldOneEntity($arFields'IBLOCK_IDS'); if (!empty($arIBlockList)) { $intEntityCount++; } $arSectionList self::__ConvertOldOneEntity($...

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/general/catalog_export.php

Size: 10.21 kB Created: 2020-12-18 00:01:44 Modified: 2024-04-22 10:35:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 315 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$strFile)

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/load/yandex_run.php

Size: 58.35 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:54 Dangers: 4
DescriptionMatch

Exploit download_remote_code2 Line: 1011 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($fp'if (!isset($_GET["referer1"])

Exploit download_remote_code2 Line: 1012 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($fp'$strReferer1 = htmlspecialchars($_GET["referer1"])

Exploit download_remote_code2 Line: 1013 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($fp'if (!isset($_GET["referer2"])

Exploit download_remote_code2 Line: 1014 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($fp'$strReferer2 = htmlspecialchars($_GET["referer2"])

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/load/yandex_simple_run.php

Size: 12.03 kB Created: 2021-09-03 11:54:00 Modified: 2024-04-22 10:35:54 Dangers: 4
DescriptionMatch

Exploit download_remote_code2 Line: 90 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($fp'<?if (!isset($_GET["referer1"])

Exploit download_remote_code2 Line: 97 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($fp'<? $strReferer1 = htmlspecialchars($_GET["referer1"])

Exploit download_remote_code2 Line: 98 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($fp'<?if (!isset($_GET["referer2"])

Exploit download_remote_code2 Line: 99 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

fwrite($fp'<? $strReferer2 = htmlspecialchars($_GET["referer2"])

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/load/yandex_detail.php

Size: 32.75 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 514 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['XML_DATA'])

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/load/cron_frame.php

Size: 3.43 kB Created: 2020-09-26 01:19:00 Modified: 2024-04-22 10:35:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 93 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$strFile)

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/load_import/commerceml_g_run.php

Size: 61.63 kB Created: 2021-09-03 11:54:00 Modified: 2024-04-22 10:35:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 33 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/php_interface/include/1c_mutator.php")

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/load_import/cron_frame.php

Size: 3.51 kB Created: 2020-09-26 01:18:59 Modified: 2024-04-22 10:35:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 96 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$strFile)

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/load_import/commerceml_run.php

Size: 30.26 kB Created: 2021-09-03 11:54:00 Modified: 2024-04-22 10:35:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 20 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/php_interface/include/1c_mutator.php")

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/admin/import_setup.php

Size: 61.11 kB Created: 2021-09-03 11:54:00 Modified: 2024-04-22 10:35:54 Warns: 1 Dangers: 5
DescriptionMatch

Exploit execution Line: 263 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$arReportsList[$strActFileName]["FILE_SETUP"])

Exploit execution Line: 271 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_after.php")

Exploit execution Line: 275 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_admin.php")

Exploit execution Line: 305 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$arReportsList[$strActFileName]["FILE_RUN"])

Exploit execution Line: 386 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_admin_after.php")

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec("crontab ".$_SERVER["DOCUMENT_ROOT"]."/bitrix/crontab/crontab.cfg"$arRetval$return_var); if (intval($return_var)!=0) { $strErrorMessage .= GetMessage("CES_ERROR_ADD2CRON")." \n"; if (is_array($arRetval) && !empty($arRetval)) { $strErrorMessage .= implode("\n"$arRetval)."\n"; } else { $strErrorMessage .= GetMessage("CES_ERROR_UNKNOWN")."\n"; } } } } } if ($strErrorMessage == '') { $redirectUrl "/bitrix/admin/cat_import_setup.php?lang=".urlencode(LANGUAGE_ID)."&success_import=Y"$adm...

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/admin/cat_discount_edit.php

Size: 25.88 kB Created: 2021-09-03 11:54:00 Modified: 2024-04-22 10:35:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 87 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['CONDITIONS'])

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/admin/cat_product_search.php

Size: 9.61 kB Created: 2020-12-18 00:01:44 Modified: 2024-04-22 10:35:54 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("window.opener.document.<?= $form_name ?>.<?= $field_name ?>");
        if(el)
            el.value id;
        <?if ($field_name_name <> ''):?>
            el = eval("window.opener.document.<?= $form_name ?>.<?= $field_name_name ?>");
            if(el)
                el.value = name;
        <?endif;?>
        <?if ($field_name_url <> ''):?>
            el = eval("window.opener.document.<?= $form_name ?>.<?= $field_name_url ?>");
            if(el)
                el.value = url;
        <?endif;?>
        <?if ($alt_name <> ''):?>
            el = window.opener.document.getElementById("<?= $alt_n...

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/admin/cat_store_document_edit.php

Size: 44.41 kB Created: 2021-09-03 11:54:01 Modified: 2024-04-22 10:35:54 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+result+')' );
            if(res['id'] > 0)
            {
                res['quantity'] = 1;
                obProductAdd BX('productAdd');
                if (!!obProductAdd)
                    obProductAdd.disabled true;
                addRow(nullresnullarBarCodes);
            }
        }
    }

    function enterBarcodes(id)
    {
        var amount;
        if(BX('CAT_DOC_AMOUNT_HIDDEN_'+id))
            amount parseInt(BX('CAT_DOC_AMOUNT_HIDDEN_'+id).value10);
        else
            amount 0;
        if(isNaN(amount))
            amount 0;
        maxId amount;

        var
            content BX.create('DIV', {
                props: {i...

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/admin/export_setup.php

Size: 63.43 kB Created: 2021-09-03 11:54:00 Modified: 2024-04-22 10:35:54 Warns: 1 Dangers: 5
DescriptionMatch

Exploit execution Line: 263 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_after.php")

Exploit execution Line: 267 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$arReportsList[$strActFileName]["FILE_SETUP"])

Exploit execution Line: 272 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_admin.php")

Exploit execution Line: 302 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$arReportsList[$strActFileName]["FILE_RUN"])

Exploit execution Line: 377 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_admin_after.php")

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec("crontab ".$_SERVER["DOCUMENT_ROOT"]."/bitrix/crontab/crontab.cfg"$arRetval$return_var); if (intval($return_var)!=0) { $strErrorMessage .= GetMessage("CES_ERROR_ADD2CRON")." \n"; if (is_array($arRetval) && !empty($arRetval)) { $strErrorMessage .= implode("\n"$arRetval)."\n"; } else { $strErrorMessage .= GetMessage("CES_ERROR_UNKNOWN")."\n"; } } } } } if ($strErrorMessage == '') { $redirectUrl "/bitrix/admin/cat_export_setup.php?lang=".urlencode(LANGUAGE_ID)."&success_export=Y"$adm...

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/options.php

Size: 89.67 kB Created: 2021-09-03 11:54:01 Modified: 2024-04-22 10:35:54 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+result+')' );
            var el BX(res);
            BX(res).setAttribute('class''adm-btn');
            if (el.bxwaiter && el.bxwaiter.parentNode)
            {
                el.bxwaiter.parentNode.removeChild(el.bxwaiter);
                el.bxwaiter null;
            }
            el.disabled false;
        }
    }
</script>
<? } $systemTabControl = new CAdminTabControl("tabControl2"$aTabstruetrue); $systemTabControl->Begin(); $systemTabControl->BeginNextTab(); ?><tr><td style="text-align: left;"><? $arAgentInfo false$rsAgents CAgent::GetList(ar...

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/tools/iblock_subelement_generator.php

Size: 30.44 kB Created: 2021-03-31 19:52:50 Modified: 2024-04-22 10:35:55 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(arFileProperties),
            id 0;
        if(BX('ib_seg_max_property_id'))
        {
            id BX('ib_seg_max_property_id').value;
            if(id >= obPropertyTable.AR_FILE_PROPERTIES.length 2)
            {
                return;
            }
            BX('ib_seg_max_property_id').value Number(BX('ib_seg_max_property_id').value) + 1;
        }
        obPropertyTable.SELECTED_PROPERTIES[id] = 'DETAIL';

        var propertySpan BX('ib_seg_property_span');
        if(propertySpan)
        {
            var options = [];
            for(var key in fileProperties)
            {
                if(fileProperties....

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/install/load/cron_frame.php

Size: 3.27 kB Created: 2020-09-26 01:19:01 Modified: 2024-04-22 10:35:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 86 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$strFile)

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/install/admin/cat_section_admin.php

Size: 129.00 B Created: 2020-09-26 01:19:01 Modified: 2024-04-22 10:35:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_section_admin.php")

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/install/admin/cat_product_admin.php

Size: 129.00 B Created: 2020-09-26 01:19:01 Modified: 2024-04-22 10:35:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_element_admin.php")

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/install/admin/cat_product_edit.php

Size: 128.00 B Created: 2020-09-26 01:19:01 Modified: 2024-04-22 10:35:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_element_edit.php")

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/install/admin/cat_product_list.php

Size: 126.00 B Created: 2020-09-26 01:19:01 Modified: 2024-04-22 10:35:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_list_admin.php")

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/install/admin/cat_section_edit.php

Size: 128.00 B Created: 2020-09-26 01:19:01 Modified: 2024-04-22 10:35:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_section_edit.php")

/var/www/lesiak/lesia.ua/bitrix/modules/catalog/install/index.php

Size: 31.62 kB Created: 2021-09-03 11:54:06 Modified: 2024-04-22 10:35:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 286 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/catalog/install/events/set_events.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sender/lib/integration/crm/connectors/querydata.php

Size: 3.55 kB Created: 2020-12-18 00:01:55 Modified: 2024-04-22 10:35:57 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($query); } private static function prepare(Entity\Query $query$dataTypeId null) { $fields self::getSelectFields(); foreach ($fields as $alias => $field) { if (is_numeric($alias)) { $alias ''; } $query->addGroup('ID'); $query->addSelect($field$alias); } return Helper::prepareQuery($query$dataTypeId); } private static function exec(Entity\Query $query) { $result $query->exec(); $result->addFetchDataModifier( function ($data) { { if (isset($data['EMAIL_MAILING']) && $data['EMAIL_...

/var/www/lesiak/lesia.ua/bitrix/modules/sender/lib/integration/crm/connectors/querycount.php

Size: 5.88 kB Created: 2021-09-03 11:54:31 Modified: 2024-04-22 10:35:57 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($query$dataTypeId); } public static function getCount(Entity\Query $query$dataTypeId null) { self::prepare($query$dataTypeId); return self::exec($query$dataTypeId); } public static function getPreparedCountEntity\Query $querystring $entityDbNamestring $entityName$dataTypeId null ) { self::prepare($query$dataTypeId$entityDbName$entityName); return self::exec($query$dataTypeId$entityDbName$entityName); } protected static function exec(Entity\Query $query$data...

/var/www/lesiak/lesia.ua/bitrix/modules/sender/lib/connector/basefilter.php

Size: 7.92 kB Created: 2020-12-18 00:01:51 Modified: 2024-04-22 10:35:57 Dangers: 1
DescriptionMatch

Exploit nano Line: 105 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$field['sender_segment_callback']($field)

/var/www/lesiak/lesia.ua/bitrix/modules/sender/options.php

Size: 7.61 kB Created: 2021-11-19 17:08:03 Modified: 2024-04-22 10:35:57 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 51 Warning

Double var technique is usually used for the obfuscation of malicious code

${$name}

/var/www/lesiak/lesia.ua/bitrix/modules/sender/install/index.php

Size: 13.25 kB Created: 2021-11-19 17:08:03 Modified: 2024-04-22 10:35:58 Dangers: 1
DescriptionMatch

Exploit execution Line: 205 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sender/install/events.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sender/install/components/bitrix/sender.message.editor/templates/.default/template.php

Size: 14.59 kB Created: 2021-11-19 17:08:05 Modified: 2024-04-22 10:35:59 Dangers: 1
DescriptionMatch

Exploit nano Line: 174 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$option['view']()

/var/www/lesiak/lesia.ua/bitrix/modules/webprostor.smtp/classes/phpmailer/PHPMailer.php

Size: 171.66 kB Created: 2021-11-19 17:17:39 Modified: 2024-04-22 10:36:00 Dangers: 1
DescriptionMatch

Sign a408f408 Line: 1819 Dangerous

Malware Signature (hash: a408f408)

cmd.exe

/var/www/lesiak/lesia.ua/bitrix/modules/webdebug.sms/include.php

Size: 46.48 kB Created: 2021-11-19 17:17:29 Modified: 2024-04-22 10:36:00 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($strPhpConditions.';') === false){ $bCanSend false; } } catch(Error $obError) { $arMessage = array( 'CODE' => $obError->getCode(), 'TEXT' => $obError->getMessage(), 'FILE' => $obError->getFile(), 'LINE' => $obError->getLine(), 'TRACE' => $obError->getTraceAsString(), 'DATA' => array( 'EVENT' => $Event'SITE' => $SiteID'FIELDS' => $arFields'MESSAGE_ID' => $MessageID'RECEIVER' => $Receiver'TEMPLATE' => $arSMSTemplate'PARAMS' => $arParams ), ); CWDS::Log('Error on processing PHP c...

/var/www/lesiak/lesia.ua/bitrix/modules/webdebug.sms/admin/webdebug_sms_event_reload.php

Size: 2.88 kB Created: 2020-12-25 16:00:20 Modified: 2024-04-22 10:36:00 Dangers: 1
DescriptionMatch

Exploit execution Line: 23 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/webdebug.sms/lang/".LANGUAGE_ID."/admin/webdebug_sms_template_edit.php")

/var/www/lesiak/lesia.ua/bitrix/modules/webdebug.sms/admin/wd_sms_subscribes.php

Size: 15.49 kB Created: 2020-12-25 16:00:21 Modified: 2024-04-22 10:36:00 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec('which php'$arPhpPath); $Command false; if (strlen($arPhpPath[0])) { $Command "{$arPhpPath[0]} -f {$_SERVER['DOCUMENT_ROOT']}/bitrix/modules/{$ModuleID}/cron.php"; print GetMessage('WD_SMS_HOWTO_POPUP_CONTENT_COMMAND_Y',array('#COMMAND#'=>$Command)); } else { print GetMessage('WD_SMS_HOWTO_POPUP_CONTENT_COMMAND_N'); } ?>
</div>

<? $oFilter = new CAdminFilter$sTableID."_filter", array( 'ID' => GetMessage("WD_SMS_FILTER_ID"), 'NAME' => GetMessage("WD_SMS_FILTER_NAME"), 'ACTIVE' => Ge...

/var/www/lesiak/lesia.ua/bitrix/modules/webdebug.sms/admin/wd_sms_event_reload.php

Size: 4.07 kB Created: 2020-12-25 16:00:20 Modified: 2024-04-22 10:36:00 Dangers: 1
DescriptionMatch

Exploit execution Line: 27 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/{$ModuleID}/lang/".LANGUAGE_ID."/admin/wd_sms_template_edit.php")

/var/www/lesiak/lesia.ua/bitrix/modules/report/lib/internals/controller.php

Size: 15.25 kB Created: 2021-03-31 19:52:40 Modified: 2024-04-22 10:36:00 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { try { if($this->request->isPost()) { \CUtil::jSPostUnescape(); $this->request->addFilter(new PostDecodeFilter); } $this->resolveAction(); $this->checkAction(); $this->checkRequiredModules(); if(!$this->prepareParams()) { $this->sendJsonErrorResponse(); } $action $this->getAction(); if( $this->processBeforeAction($action) === true && $this->triggerOnBeforeAction($action) === true ) { $this->runAction(); } } catch(\Exception $e) { $this->runProcessingException($e); } } protected functio...

/var/www/lesiak/lesia.ua/bitrix/modules/report/install/components/bitrix/report.construct/templates/admin/template.php

Size: 40.03 kB Created: 2021-03-31 19:52:40 Modified: 2024-04-22 10:36:01 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(ySelects[i].name))
            {
                colId match[1];
                if (colId !== null && yColumnsIndexes[colId] !== null)
                    setSelectValue(ySelects[i], yColumnsIndexes[colId]);
            }
        }
        var chartCheckbox BX('report-chart-display-checkbox');
        if (chartCheckbox)
        {
            BX.bind(chartCheckbox'click', function () {
                var chartSwitchBlock BX('report-chart-switch');
                var chartParamsBlock BX('report-chart-params');
                if (chartSwitchBlock)
                {
                    if (this.checkedBX.addClass(chartSwitchBloc...

/var/www/lesiak/lesia.ua/bitrix/modules/report/install/components/bitrix/report.construct/templates/.default/template.php

Size: 40.31 kB Created: 2021-03-31 19:52:40 Modified: 2024-04-22 10:36:01 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(ySelects[i].name))
            {
                colId match[1];
                if (colId !== null && yColumnsIndexes[colId] !== null)
                    setSelectValue(ySelects[i], yColumnsIndexes[colId]);
            }
        }
        var chartCheckbox BX('report-chart-display-checkbox');
        if (chartCheckbox)
        {
            BX.bind(chartCheckbox'click', function () {
                var chartSwitchBlock BX('report-chart-switch');
                var chartParamsBlock BX('report-chart-params');
                if (chartSwitchBlock)
                {
                    if (this.checkedBX.addClass(chartSwitchBloc...

/var/www/lesiak/lesia.ua/bitrix/modules/report/install/components/bitrix/report.view/templates/admin/template.php

Size: 55.11 kB Created: 2021-09-03 11:54:25 Modified: 2024-04-22 10:36:01 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('response = ' data);
                if (response)
                {
                    if (response.imageData)
                    {
                        if (response.imageData.substr(0,10) === 'data:image')
                        {
                            img BX('report-chart-image');
                            img.src response.imageData;
                            if (response.legendInfo)
                            {
                                var legendContainer BX('report-chart-legend-container');
                                var legendRowExample BX('report-chart-legend-row-example');
                                var chartType requestData['type'];
                                var legendNewRowlegendSticklegend...

/var/www/lesiak/lesia.ua/bitrix/modules/flamix.bitrixintegrations/libs/vendor/guzzlehttp/guzzle/src/HandlerStack.php

Size: 8.26 kB Created: 2021-08-06 12:15:00 Modified: 2024-04-22 10:36:02 Dangers: 1
DescriptionMatch

Exploit nano Line: 207 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$fn[0]($prev)

/var/www/lesiak/lesia.ua/bitrix/modules/flamix.bitrixintegrations/libs/vendor/guzzlehttp/guzzle/src/Handler/MockHandler.php

Size: 6.26 kB Created: 2021-08-06 12:15:00 Modified: 2024-04-22 10:36:02 Dangers: 1
DescriptionMatch

Exploit nano Line: 99 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$options['on_headers']($response)

/var/www/lesiak/lesia.ua/bitrix/modules/flamix.bitrixintegrations/libs/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php

Size: 19.66 kB Created: 2021-08-06 12:15:00 Modified: 2024-04-22 10:36:02 Dangers: 1
DescriptionMatch

Exploit nano Line: 129 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$options['on_headers']($response)

/var/www/lesiak/lesia.ua/bitrix/modules/ui/lib/entityform/scopeaccess.php

Size: 1.69 kB Created: 2021-03-31 19:53:03 Modified: 2024-04-22 10:36:02 Dangers: 1
DescriptionMatch

Exploit nano Line: 54 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$value[static::SETTINGS_ACCESS_CLASS_KEY]($moduleId$userId)

/var/www/lesiak/lesia.ua/bitrix/modules/dev2fun.imagecompress/lib/Ps2Pdf.php

Size: 3.07 kB Created: 2021-09-03 11:52:07 Modified: 2024-04-22 10:36:05 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($this->path '/gs -v'$s); return ($s true false); } public function isOptim() { return $this->isPdfOptim(); } public function compress($strFilePath$params = []) { if(!$this->enable) return false$strFilePath = \strtr$strFilePath, [ ' ' => '\ ''(' => '\('')' => '\)'']' => '\]''[' => '\[', ] ); if(!isset($params['pdfSetting'])) { $params['pdfSetting'] = $this->pdfSetting; } $event = new \Bitrix\Main\Event$this->MODULE_ID"OnBeforeResizeImagePs2Pdf", [&$strFilePath, &$pa...

/var/www/lesiak/lesia.ua/bitrix/modules/dev2fun.imagecompress/lib/Jpegoptim.php

Size: 3.58 kB Created: 2021-04-22 18:34:18 Modified: 2024-04-22 10:36:05 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($this->jpegOptimPath '/jpegoptim --version'$s); return ($s true false); } public function compressJPG($strFilePath$quality 80$params = []) { return $this->compress($strFilePath$quality$params); } public function compress($strFilePath$quality 80$params = []) { $strFilePath strtr$strFilePath, [ ' ' => '\ ''(' => '\('')' => '\)'']' => '\]''[' => '\[', ] ); $event = new \Bitrix\Main\Event$this->MODULE_ID"OnBeforeResizeImageJpegoptim", [&$strFilePath, &$qu...

/var/www/lesiak/lesia.ua/bitrix/modules/dev2fun.imagecompress/lib/Optipng.php

Size: 3.78 kB Created: 2021-04-22 18:34:18 Modified: 2024-04-22 10:36:05 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($this->pngOptimPath '/optipng -v'$s); return ($s true false); } public function compressPNG($strFilePath$quality 3$params = []) { return $this->compress($strFilePath$quality$params); } public function compress($strFilePath$quality 3$params = []) { $strFilePath strtr$strFilePath, [ ' ' => '\ ''(' => '\('')' => '\)'']' => '\]''[' => '\[', ] ); $event = new \Bitrix\Main\Event$this->MODULE_ID"OnBeforeResizeImageOptipng", [&$strFilePath, &$quality, &$param...

/var/www/lesiak/lesia.ua/bitrix/modules/dev2fun.imagecompress/lib/Webp.php

Size: 5.22 kB Created: 2021-04-22 18:34:23 Modified: 2024-04-22 10:36:05 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($this->path '/cwebp -version'$s); return ($s true false); } public function convert($arFile$params = []) { if(!$this->enable) return false$event = new \Bitrix\Main\Event$this->MODULE_ID"OnBeforeConvertImageWebp", [&$arFile, &$params] ); $event->send(); $uploadDir Option::get('main''upload_dir''upload'); if(!empty($arFile["ABS_PATH"])) { $src $arFile["ABS_PATH"]; } else { $src "{$_SERVER["DOCUMENT_ROOT"]}/$uploadDir/{$arFile["SUBDIR"]}/{$arFile["FILE_NAME"]}"; } $fi...

/var/www/lesiak/lesia.ua/bitrix/modules/dev2fun.imagecompress/lib/Check.php

Size: 7.76 kB Created: 2021-09-03 11:52:09 Modified: 2024-04-22 10:36:05 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system() { $success false; try { $algorithmJpeg Option::get(\Dev2funImageCompress::MODULE_ID'opti_algorithm_jpeg'); $algorithmPng Option::get(\Dev2funImageCompress::MODULE_ID'opti_algorithm_png'); if (!$algorithmJpeg) throw new \Exception(Loc::getMessage('DEV2FUN_IMAGECOMPRESS_NOT_CHOICE', ['#ALGORITHM#' => 'JPEG'])); if ($algorithmJpeg == 'jpegoptim' && !Option::get(\Dev2funImageCompress::MODULE_ID'path_to_jpegoptim')) throw new \Exception(Loc::getMessage('DEV2FUN_IMAGECOMPRESS_NO_P...

/var/www/lesiak/lesia.ua/bitrix/modules/dev2fun.imagecompress/lib/Svg.php

Size: 2.60 kB Created: 2021-04-22 18:34:17 Modified: 2024-04-22 10:36:05 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($this->path "/{$this->binaryName} -v"$s); return ($s true false); } public function compress($strFilePath$params = []) { if(!$this->enable) return false$strFilePath strtr$strFilePath, [ ' ' => '\ ''(' => '\('')' => '\)'']' => '\]''[' => '\[', ] ); $event = new \Bitrix\Main\Event$this->MODULE_ID"OnBeforeResizeImageSvg", [&$strFilePath, &$params] ); $event->send(); $strCommand ''exec"{$this->path}/{$this->binaryName} $strCommand --input=$strFilePath --output=...

/var/www/lesiak/lesia.ua/bitrix/modules/dev2fun.imagecompress/lib/Gif.php

Size: 3.19 kB Created: 2021-04-22 18:34:17 Modified: 2024-04-22 10:36:05 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($this->path '/gifsicle --version'$s); return ($s true false); } public function compress($strFilePath$params = []) { if(!$this->enable) return false$strFilePath strtr$strFilePath, [ ' ' => '\ ''(' => '\('')' => '\)'']' => '\]''[' => '\[', ] ); if(empty($params['compression'])) { $params['compression'] = Option::get($this->MODULE_ID'gif_compress'2); } $event = new \Bitrix\Main\Event$this->MODULE_ID"OnBeforeResizeImageGif", [&$strFilePath, &$params] ); $event->...

/var/www/lesiak/lesia.ua/bitrix/modules/vote/vote_tools.php

Size: 17.58 kB Created: 2021-09-03 11:53:39 Modified: 2024-04-22 10:36:06 Dangers: 1
DescriptionMatch

Exploit execution Line: 430 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path.$template)

/var/www/lesiak/lesia.ua/bitrix/modules/vote/lib/base/controller.php

Size: 12.52 kB Created: 2021-03-31 19:51:58 Modified: 2024-04-22 10:36:06 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { try { $this->collectDebugInfo(); $this->resolveAction(); $this->checkAction(); if ($this->prepareParams() && $this->errorCollection->isEmpty() && $this->processBeforeAction($this->getAction()) === true) { $this->runAction(); } $this->logDebugInfo(); } catch(\Exception $e) { $this->errorCollection->add(array(new Error($e->getMessage()))); } if (!$this->errorCollection->isEmpty()) { $this->sendJsonErrorResponse(); } } protected function collectDebugInfo() { if($this->collectDebugInfo) { D...

/var/www/lesiak/lesia.ua/bitrix/modules/vote/admin/vote_dialog.php

Size: 1.75 kB Created: 2020-09-26 01:18:59 Modified: 2024-04-22 10:36:06 Dangers: 2
DescriptionMatch

Exploit execution Line: 26 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/vote/admin/colorpick.htm")

Exploit execution Line: 27 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_after.php")

/var/www/lesiak/lesia.ua/bitrix/modules/vote/install/index.php

Size: 8.52 kB Created: 2021-09-03 11:53:39 Modified: 2024-04-22 10:36:06 Dangers: 2
DescriptionMatch

Exploit execution Line: 110 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/vote/install/events/del_events.php")

Exploit execution Line: 137 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/vote/install/events/set_events.php")

/var/www/lesiak/lesia.ua/bitrix/modules/vote/install/tools/vote_chart.php

Size: 469.00 B Created: 2021-03-31 19:51:58 Modified: 2024-04-22 10:36:06 Dangers: 1
DescriptionMatch

Exploit execution Line: 10 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/".$file)

/var/www/lesiak/lesia.ua/bitrix/modules/vote/install/public/tools/vote_chart.php

Size: 448.00 B Created: 2020-09-26 01:18:59 Modified: 2024-04-22 10:36:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 10 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/".$file)

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/lib/model/section.php

Size: 2.01 kB Created: 2021-11-19 17:07:40 Modified: 2024-04-22 10:36:07 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($entity); self::$entityInstance[$iblockId] = $entityName; } return self::$entityInstance[$iblockId]; } protected static function resolveIblockId($iblock): ?int $iblockId null; if ($iblock instanceof Iblock) { $iblockId $iblock->getId(); } elseif (is_string($iblock)) { $row IblockTable::query() ->addSelect('ID') ->where('API_CODE'$iblock) ->fetch(); if (!empty($row)) { $iblockId = (int)$row['ID']; } } if (empty($iblockId) && is_numeric($iblock)) { $iblockId = (int)

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/admin/iblock_subelement_generator.php

Size: 28.34 kB Created: 2020-09-26 01:19:55 Modified: 2024-04-22 10:36:07 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(arFileProperties),
            id 0;
        if(BX('ib_seg_max_property_id'))
        {
            id BX('ib_seg_max_property_id').value;
            if(id >= obPropertyTable.AR_FILE_PROPERTIES.length 2)
            {
                return;
            }
            BX('ib_seg_max_property_id').value Number(BX('ib_seg_max_property_id').value) + 1;
        }
        obPropertyTable.SELECTED_PROPERTIES[id] = 'DETAIL';

        var propertySpan BX('ib_seg_property_span');
        if(propertySpan)
        {
            var options = [];
            for(var key in fileProperties)
            {
                if(fileProperties....

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/admin/iblock_subelement_edit.php

Size: 68.43 kB Created: 2021-11-19 17:07:39 Modified: 2024-04-22 10:36:07 Dangers: 5
DescriptionMatch

Exploit execution Line: 1791 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/catalog/admin/templates/subproduct_edit.php")

Exploit execution Line: 607 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$arIBlock["EDIT_FILE_BEFORE"])

Exploit execution Line: 615 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$arIBTYPE["EDIT_FILE_BEFORE"])

Exploit execution Line: 708 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/catalog/admin/templates/subproduct_edit_validator.php")

Exploit execution Line: 844 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/catalog/admin/templates/subproduct_edit_action.php")

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/admin/iblock_element_edit.php

Size: 121.07 kB Created: 2021-11-19 17:07:39 Modified: 2024-04-22 10:36:07 Dangers: 6
DescriptionMatch

Exploit execution Line: 1152 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/catalog/admin/templates/product_edit_action.php")

Exploit execution Line: 1910 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$customFormFile)

Exploit execution Line: 3144 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/catalog/admin/templates/product_edit.php")

Exploit execution Line: 717 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$arIBlock["EDIT_FILE_BEFORE"])

Exploit execution Line: 725 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$arIBTYPE["EDIT_FILE_BEFORE"])

Exploit execution Line: 856 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/catalog/admin/templates/product_edit_validator.php")

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/classes/general/subelement.php

Size: 56.17 kB Created: 2021-11-19 17:07:39 Modified: 2024-04-22 10:36:08 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(\''.CUtil::JSEscape($this->onLoadScript).'\');'; echo '</script></body></html>'; } else { if($this->onLoadScript) echo '<script type="text/javascript">'.$this->onLoadScript.'</script>'; echo $string; } define("ADMIN_AJAX_MODE"true); require($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/epilog_admin_after.php"); die(); } elseif ($this->isExportMode()) { $fname basename($APPLICATION->GetCurPage(), ".php"); $fname str_replace(array("\r""\n"), ""$fname); header("Content-Typ...

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog.sections.top/component.php

Size: 17.92 kB Created: 2020-12-18 00:01:05 Modified: 2024-04-22 10:36:09 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 180 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog.filter/component.php

Size: 32.92 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:36:09 Warns: 2
DescriptionMatch

Exploit double_var2 Line: 70 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

Exploit double_var2 Line: 73 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PREFILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog.smart.filter/component.php

Size: 29.58 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:36:10 Warns: 2
DescriptionMatch

Exploit double_var2 Line: 23 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PREFILTER_NAME}

Exploit double_var2 Line: 578 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog.link.list/component.php

Size: 1.13 kB Created: 2020-12-18 00:01:05 Modified: 2024-04-22 10:36:10 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 19 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FN}

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog.element/templates/store_v3/template.php

Size: 63.33 kB Created: 2021-11-19 17:07:39 Modified: 2024-04-22 10:36:11 Dangers: 1
DescriptionMatch

Exploit clever_include Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE' => $arParams['PRICE_VAT_INCLUDE'], 'CONVERT_CURRENCY' => $arParams['CONVERT_CURRENCY'], 'BASKET_URL' => $arParams['BASKET_URL'], 'ADD_PROPERTIES_TO_BASKET' => $arParams['ADD_PROPERTIES_TO_BASKET'], 'PRODUCT_PROPS_VARIABLE' => $arParams['PRODUCT_PROPS_VARIABLE'], 'PARTIAL_PRODUCT_PROPERTIES' => $arParams['PARTIAL_PRODUCT_PROPERTIES'], 'USE_PRODUCT_QUANTITY' => 'N', 'PRODUCT_QUANTITY_VARIABLE' => $arParams['PRODUCT_QUANTITY_VARIABLE'], 'CACHE_GROUPS' => $arParams['CACHE_GROUPS'], 'POTENTI...

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog.element/templates/.default/template.php

Size: 64.42 kB Created: 2021-11-19 17:07:39 Modified: 2024-04-22 10:36:11 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1132 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE' => $arParams['PRICE_VAT_INCLUDE'],
                                'CONVERT_CURRENCY' => $arParams['CONVERT_CURRENCY'],
                                'BASKET_URL' => $arParams['BASKET_URL'],
                                'ADD_PROPERTIES_TO_BASKET' => $arParams['ADD_PROPERTIES_TO_BASKET'],
                                'PRODUCT_PROPS_VARIABLE' => $arParams['PRODUCT_PROPS_VARIABLE'],
                                'PARTIAL_PRODUCT_PROPERTIES' => $arParams['PARTIAL_PRODUCT_PROPERTIES'],
                                'USE_PRODUCT_QUANTITY' => 'N',
                                'PRODUCT_QUANTITY_VARIABLE' => $arParams['PRODUCT_QUANTITY_VARIABLE'...

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog.element/templates/bootstrap_v4/template.php

Size: 64.53 kB Created: 2021-11-19 17:07:39 Modified: 2024-04-22 10:36:11 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1167 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE' => $arParams['PRICE_VAT_INCLUDE'],
                        'CONVERT_CURRENCY' => $arParams['CONVERT_CURRENCY'],
                        'BASKET_URL' => $arParams['BASKET_URL'],
                        'ADD_PROPERTIES_TO_BASKET' => $arParams['ADD_PROPERTIES_TO_BASKET'],
                        'PRODUCT_PROPS_VARIABLE' => $arParams['PRODUCT_PROPS_VARIABLE'],
                        'PARTIAL_PRODUCT_PROPERTIES' => $arParams['PARTIAL_PRODUCT_PROPERTIES'],
                        'USE_PRODUCT_QUANTITY' => 'N',
                        'PRODUCT_QUANTITY_VARIABLE' => $arParams['PRODUCT_QUANTITY_VARIABLE'],
                        'CACH...

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog/templates/store_v3/section.php

Size: 2.46 kB Created: 2021-09-03 11:53:52 Modified: 2024-04-22 10:36:11 Dangers: 1
DescriptionMatch

Exploit execution Line: 74 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/".$this->GetFolder()

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog/templates/.default/section.php

Size: 2.44 kB Created: 2020-09-26 01:19:52 Modified: 2024-04-22 10:36:12 Dangers: 1
DescriptionMatch

Exploit execution Line: 76 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/".$this->GetFolder()

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog/templates/bootstrap_v4/section.php

Size: 2.46 kB Created: 2020-09-26 01:19:52 Modified: 2024-04-22 10:36:12 Dangers: 1
DescriptionMatch

Exploit execution Line: 74 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/".$this->GetFolder()

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog.comments/templates/.default/bitrix/blog.post.comment/adapt/scripts_for_editor.php

Size: 14.80 kB Created: 2020-09-26 01:19:50 Modified: 2024-04-22 10:36:13 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(scripts[s].JS);
                        }
                    }

                    BX.ajax.processScripts(scriptstrue);
//                    commentEr object may be set in template
                    if(window.commentEr && window.commentEr == "Y")
                    {
                        BX('err_comment_'+this.id[1]).innerHTML data;
                    }
                    else
                    {
                        if(BX('edit_id').value 0)
                        {
                            var commentId 'blg-comment-'+this.id[1];
                            if(BX(commentId))
                            {
                                var newComment BX.create('div',{'html':data});    // tmp container for data
//                                paste resp...

/var/www/lesiak/lesia.ua/bitrix/modules/iblock/install/components/bitrix/catalog.comments/templates/.default/bitrix/blog.post.comment/adapt/template.php

Size: 31.76 kB Created: 2020-12-18 00:01:05 Modified: 2024-04-22 10:36:14 Dangers: 3
DescriptionMatch

Exploit execution Line: 185 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/neweditor.php")

Exploit execution Line: 29 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 30 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/scripts_for_editor.php")

/var/www/lesiak/lesia.ua/bitrix/modules/clouds/admin/clouds_file_list.php

Size: 29.49 kB Created: 2021-09-03 11:54:24 Modified: 2024-04-22 10:36:15 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 151 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/modules/itprosteer.newpost/include.php

Size: 29.11 kB Created: 2020-09-26 01:18:45 Modified: 2024-04-22 10:36:15 Warns: 2 Dangers: 5
DescriptionMatch

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER[___2096493837(25)

Function exec Line: 447 Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(html)) {
            add(html.slice(cursormatch.index))(match[1], true);
            cursor match.index match[0].length;
        }
        add(html.substr(cursorhtml.length cursor));
        code += 'return r.join("");';
        return new Function(code.replace(/[\r\t\n]/g'')).apply(options);
    };
    <? if($_REQUEST[___2096493837(40)]){ $_1229215212$_REQUEST[___2096493837(41)];}else{ $_1229215212=(944-2*472);}?>
    document.addEventListener("DOMContentLoaded", function () ...

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(html)) {
            
add(html.slice(cursormatch.index))(match[1], true);
            
cursor match.index match[0].length;
        }
        
add(html.substr(cursorhtml.length cursor));
        
code += 'return r.join('');';
        return new Function(
code.replace(/[\r\t\n]/g'')).apply(options);
    };
    <? if(
$_REQUEST[___2096493837(40)]){ $_1229215212$_REQUEST[___2096493837(41)];}else{ $_1229215212=(944-2*472);}?>
    document.addEventListener('DOMContentLoaded', function () ...

Sign 99fc3b9d Line: 1 Dangerous

Malware Signature (hash: 99fc3b9d)

$GLOBALS['____

Sign ae7830db Line: 1 Dangerous

Malware Signature (hash: ae7830db)

Y2hy

Sign d97f004d Line: 1 Dangerous

Malware Signature (hash: d97f004d)

ZGVmaW5l

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

'base64_decode'

/var/www/lesiak/lesia.ua/bitrix/modules/itprosteer.newpost/install/templates/.default/components/bitrix/sale.order.ajax/newpost/props.php

Size: 5.08 kB Created: 2020-09-26 01:18:45 Modified: 2024-04-22 10:36:15 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/modules/itprosteer.newpost/install/templates/.default/components/bitrix/sale.order.ajax/newpost/related_props.php

Size: 471.00 B Created: 2020-09-26 01:18:45 Modified: 2024-04-22 10:36:15 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/modules/itprosteer.newpost/install/index.php

Size: 40.35 kB Created: 2020-09-26 01:18:46 Modified: 2024-04-22 10:36:15 Dangers: 5
DescriptionMatch

Sign 91535293 Line: 1 Dangerous

Malware Signature (hash: 91535293)

luY2x1ZG

Sign 99fc3b9d Line: 1 Dangerous

Malware Signature (hash: 99fc3b9d)

$GLOBALS['____

Sign a408f408 Line: 1 Dangerous

Malware Signature (hash: a408f408)

c3RyX

Sign d30fc49e Line: 1 Dangerous

Malware Signature (hash: d30fc49e)

ByaW50Z

Sign ee1cb326 Line: 1 Dangerous

Malware Signature (hash: ee1cb326)

9wZW

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/include/error_module_license.php

Size: 540.00 B Created: 2020-09-26 01:17:08 Modified: 2024-04-22 10:36:18 Dangers: 1
DescriptionMatch

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/sale.gift.main.products/main/template.php

Size: 6.74 kB Created: 2020-09-26 01:17:06 Modified: 2024-04-22 10:36:19 Dangers: 2
DescriptionMatch

Exploit clever_include Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"], "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"], "CURRENCY_ID" => $arParams["CURRENCY_ID"], "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"], "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""), "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""), "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""), "OFFER_ADD_PICT_PROP" => (isset($arPara...

Exploit clever_include Line: 78 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
                        "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
                        "CURRENCY_ID" => $arParams["CURRENCY_ID"],
                        "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"],
                        "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""),
                        "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""),
                        "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""),
    ...

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/news.detail/news/component_epilog.php

Size: 46.99 kB Created: 2021-11-20 12:57:52 Modified: 2024-04-22 10:36:20 Dangers: 1
DescriptionMatch

Exploit execution Line: 1285 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main2/component_epilog.php

Size: 68.33 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:36:21 Dangers: 2
DescriptionMatch

Exploit execution Line: 1404 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1532 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main2/template.php

Size: 89.22 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:36:21 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1623 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main2/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:36:21 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main3/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:36:21 Dangers: 2
DescriptionMatch

Exploit execution Line: 1395 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1481 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main3/template.php

Size: 90.81 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:36:21 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1619 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main3/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:36:21 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main4/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:36:21 Dangers: 2
DescriptionMatch

Exploit execution Line: 1396 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1482 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main4/template.php

Size: 90.38 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:36:21 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1611 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main4/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:36:21 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main/component_epilog.php

Size: 62.38 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:36:21 Dangers: 2
DescriptionMatch

Exploit execution Line: 1395 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1481 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main/template.php

Size: 91.26 kB Created: 2024-03-18 11:28:20 Modified: 2024-04-22 10:36:21 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1692 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:36:21 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main5/component_epilog.php

Size: 66.25 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:36:22 Dangers: 2
DescriptionMatch

Exploit execution Line: 1396 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1482 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main5/template.php

Size: 91.74 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:36:22 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1633 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.element/main5/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:36:22 Dangers: 1
DescriptionMatch

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/sale.basket.basket/top_hover/template.php

Size: 5.98 kB Created: 2021-11-20 12:57:55 Modified: 2024-04-22 10:36:22 Dangers: 3
DescriptionMatch

Exploit execution Line: 35 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

Exploit execution Line: 51 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 55 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/sale.basket.basket/fly/template.php

Size: 12.60 kB Created: 2021-11-20 12:57:55 Modified: 2024-04-22 10:36:22 Dangers: 3
DescriptionMatch

Exploit execution Line: 125 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 129 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

Exploit execution Line: 81 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.comments/main/bitrix/blog.post.comment/adapt/template.php

Size: 30.93 kB Created: 2020-09-26 01:17:01 Modified: 2024-04-22 10:36:23 Dangers: 2
DescriptionMatch

Exploit execution Line: 197 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

Exploit execution Line: 20 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/catalog.comments/catalog/bitrix/blog.post.comment/adapt/template.php

Size: 34.00 kB Created: 2021-03-01 14:07:48 Modified: 2024-04-22 10:36:23 Dangers: 2
DescriptionMatch

Exploit execution Line: 25 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 263 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/components/bitrix/search.form/top/template.php

Size: 611.00 B Created: 2020-09-26 01:17:01 Modified: 2024-04-22 10:36:23 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/search.title.catalog2.php')

/var/www/lesiak/lesia.ua/bitrix/templates/aspro_max/ajax/form.php

Size: 4.25 kB Created: 2020-09-26 01:17:08 Modified: 2024-04-22 10:36:24 Dangers: 1
DescriptionMatch

Exploit execution Line: 31 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$url_sizes)

/var/www/lesiak/lesia.ua/bitrix/templates/.default/components/bitrix/sale.order.ajax/newpost/props.php

Size: 5.08 kB Created: 2020-09-26 01:17:13 Modified: 2024-04-22 10:36:24 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/templates/.default/components/bitrix/sale.order.ajax/newpost/related_props.php

Size: 471.00 B Created: 2020-09-26 01:17:13 Modified: 2024-04-22 10:36:24 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/templates/.default/components/bitrix/sale.basket.basket/rs_easycart/template.php

Size: 1.17 kB Created: 2020-09-26 01:17:13 Modified: 2024-04-22 10:36:25 Dangers: 1
DescriptionMatch

Exploit execution Line: 9 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$templateFolder.'/basket_items.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/redsign/easycart/gopro/template.php

Size: 6.66 kB Created: 2020-09-26 01:17:10 Modified: 2024-04-22 10:36:25 Dangers: 4
DescriptionMatch

Exploit execution Line: 32 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/viewed_products.php")

Exploit execution Line: 44 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/compare.php")

Exploit execution Line: 53 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/favorite.php")

Exploit execution Line: 62 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket.php")

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.product.subscribe.list/gopro/component_epilog.php

Size: 227.00 B Created: 2020-09-26 01:17:08 Modified: 2024-04-22 10:36:25 Dangers: 1
DescriptionMatch

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/template_ext/catalog.section/gopro/component_epilog.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.product.subscribe.list/gopro/template.php

Size: 6.20 kB Created: 2020-09-26 01:17:08 Modified: 2024-04-22 10:36:25 Dangers: 1
DescriptionMatch

Exploit execution Line: 151 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/template_ext/catalog.section/gopro/template.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.product.subscribe.list/gopro/result_modifier.php

Size: 318.00 B Created: 2020-09-26 01:17:09 Modified: 2024-04-22 10:36:25 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/template_ext/catalog.section/gopro/result_modifier.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/sale.order.ajax/gopro/props.php

Size: 5.08 kB Created: 2020-09-26 01:17:09 Modified: 2024-04-22 10:36:26 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/sale.order.ajax/gopro/related_props.php

Size: 471.00 B Created: 2020-09-26 01:17:09 Modified: 2024-04-22 10:36:26 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/news.detail/brands/component_epilog.php

Size: 301.00 B Created: 2020-09-26 01:17:09 Modified: 2024-04-22 10:36:26 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 7 Warning

Double var technique is usually used for the obfuscation of malicious code

${$filterName}

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.smart.filter/gopro/ajax.php

Size: 1.05 kB Created: 2020-09-26 01:17:09 Modified: 2024-04-22 10:36:26 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 17 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/sale.basket.basket/rs_easycart/template.php

Size: 657.00 B Created: 2020-09-26 01:17:09 Modified: 2024-04-22 10:36:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 10 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$templateFolder.'/basket_items.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.bigdata.products/gopro/component_epilog.php

Size: 410.00 B Created: 2020-09-26 01:17:10 Modified: 2024-04-22 10:36:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/component_epilog.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.bigdata.products/gopro/.parameters.php

Size: 189.00 B Created: 2020-09-26 01:17:10 Modified: 2024-04-22 10:36:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 4 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.bigdata.products/gopro/template.php

Size: 3.06 kB Created: 2020-09-26 01:17:10 Modified: 2024-04-22 10:36:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 101 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/template.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.bigdata.products/gopro/result_modifier.php

Size: 448.00 B Created: 2020-09-26 01:17:10 Modified: 2024-04-22 10:36:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/result_modifier.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.bigdata.products/gopro/lang/ru/.parameters.php

Size: 124.00 B Created: 2020-09-26 01:17:10 Modified: 2024-04-22 10:36:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/ru/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.bigdata.products/gopro/lang/ru/template.php

Size: 121.00 B Created: 2020-09-26 01:17:10 Modified: 2024-04-22 10:36:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/ru/template.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.bigdata.products/gopro/lang/en/.parameters.php

Size: 124.00 B Created: 2020-09-26 01:17:10 Modified: 2024-04-22 10:36:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/en/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/templates/proopt_default/components/bitrix/catalog.bigdata.products/gopro/lang/en/template.php

Size: 121.00 B Created: 2020-09-26 01:17:10 Modified: 2024-04-22 10:36:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/en/template.php')

/var/www/lesiak/lesia.ua/bitrix/index.php

Size: 83.00 B Created: 2020-09-26 01:17:32 Modified: 2024-04-22 10:36:29 Dangers: 1
DescriptionMatch

Sign 0f37c730 Line: 2 Dangerous

Malware Signature (hash: 0f37c730)

meta http-equiv="REFRESH" content="0;

/var/www/lesiak/lesia.ua/bitrix/php_interface/include/catalog_import/cron_frame.php

Size: 3.51 kB Created: 2020-09-26 01:16:19 Modified: 2024-04-22 10:36:29 Dangers: 1
DescriptionMatch

Exploit execution Line: 96 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$strFile)

/var/www/lesiak/lesia.ua/bitrix/php_interface/include/catalog_export/cron_frame.php

Size: 3.43 kB Created: 2020-09-26 01:16:19 Modified: 2024-04-22 10:36:29 Dangers: 1
DescriptionMatch

Exploit execution Line: 93 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$strFile)

/var/www/lesiak/lesia.ua/bitrix/components/redsign/quickbuy.list/templates/flat/template.php

Size: 538.00 B Created: 2020-09-26 01:16:55 Modified: 2024-04-22 10:36:30 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/quickbuy.list/templates/metal/template.php

Size: 538.00 B Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:30 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/quickbuy.list/templates/light/template.php

Size: 538.00 B Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:30 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/quickbuy.list/templates/contrast/template.php

Size: 538.00 B Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:30 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/quickbuy.list/templates/sharp/template.php

Size: 538.00 B Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:30 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/news.archive/class.php

Size: 11.91 kB Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:30 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 234 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/components/redsign/easycart/templates/.default/template.php

Size: 3.83 kB Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:31 Dangers: 4
DescriptionMatch

Exploit execution Line: 22 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/viewed_products.php")

Exploit execution Line: 37 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/compare.php")

Exploit execution Line: 48 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/favorite.php")

Exploit execution Line: 59 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/daysarticle2.list/templates/flat/template.php

Size: 538.00 B Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:31 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/daysarticle2.list/templates/metal/template.php

Size: 538.00 B Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:31 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/daysarticle2.list/templates/light/template.php

Size: 538.00 B Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:31 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/daysarticle2.list/templates/contrast/template.php

Size: 538.00 B Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:31 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/daysarticle2.list/templates/sharp/template.php

Size: 538.00 B Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:31 Dangers: 3
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/big.php")

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/medium.php")

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/small.php")

/var/www/lesiak/lesia.ua/bitrix/components/redsign/catalog.add2basket/component.php

Size: 10.84 kB Created: 2020-09-26 01:16:56 Modified: 2024-04-22 10:36:31 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 224 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/components/aspro/developer.max/class.php

Size: 6.79 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:36:32 Dangers: 1
DescriptionMatch

Exploit execution Line: 138 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].BX_ROOT.'/license_key.php')

/var/www/lesiak/lesia.ua/bitrix/components/aspro/catalog.smart.filter/component.php

Size: 31.17 kB Created: 2023-03-21 17:17:04 Modified: 2024-04-22 10:36:32 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 613 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/components/aspro/oneclickbuy.max/.cache.php

Size: 109.00 B Created: 2023-08-26 12:47:50 Modified: 2024-04-22 10:36:32 Dangers: 1
DescriptionMatch

Sign 7e44169a Line: 1 Dangerous

Malware Signature (hash: 7e44169a)

$USER->Authorize(1)

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.order.full/templates/.default/template.php

Size: 5.19 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:36:33 Dangers: 7
DescriptionMatch

Exploit execution Line: 69 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step1.php")

Exploit execution Line: 6 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/auth.php")

Exploit execution Line: 71 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step2.php")

Exploit execution Line: 73 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step3.php")

Exploit execution Line: 75 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step4.php")

Exploit execution Line: 77 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step5.php")

Exploit execution Line: 79 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step6.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog/templates/one_blog_old_version/bitrix/blog.post.comment/.default/template.php

Size: 21.48 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:36:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog/templates/one_blog_old_version/bitrix/blog.post.edit/.default/template.php

Size: 24.73 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:36:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 369 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/template.php

Size: 21.26 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:36:35 Dangers: 1
DescriptionMatch

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/script.php

Size: 11.35 kB Created: 2020-09-26 01:16:50 Modified: 2024-04-22 10:36:35 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(thetag "_open");

    if (tagOpen == 0)
    {
        if (doInsert("[" thetag "]""[/" thetag "]"true))
        {
            eval(thetag "_open = 1");
            // Change the button status

            pushstack(bbtagsthetag);
            cstat();
        }
    }
    else
    {
        // Find the last occurance of the opened tag
        lastindex 0;

        for (bbtags.lengthi++ )
        {
            if ( bbtags[i] == thetag )
            {
                lastindex i;
            }
        }

        // Close all tags opened up to that tag was opened
        while (bbtags[lastindex])
        {
            tagR...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/template.php

Size: 23.17 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:36:35 Dangers: 1
DescriptionMatch

Exploit execution Line: 367 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/script.php

Size: 22.93 kB Created: 2020-09-26 01:16:50 Modified: 2024-04-22 10:36:35 Warns: 1
DescriptionMatch

Function eval Line: 97 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(thetag "_open");

    if (tagOpen == 0)
    {
        if (doInsert("[" thetag "]""[/" thetag "]"true))
        {
            eval(thetag "_open = 1");
            // Change the button status

            pushstack(bbtagsthetag);
            cstat();
        }
    }
    else
    {
        // Find the last occurance of the opened tag
        lastindex 0;

        for (bbtags.lengthi++ )
        {
            if ( bbtags[i] == thetag )
            {
                lastindex i;
            }
        }

        // Close all tags opened up to that tag was opened
        while (bbtags[lastindex])
        {
            tagR...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/landing.start/lang/en/component.php

Size: 5.31 kB Created: 2020-09-26 01:16:35 Modified: 2024-04-22 10:36:37 Dangers: 1
DescriptionMatch

Sign 301ca578 Line: 28 Dangerous

Malware Signature (hash: 301ca578)

Trojan

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/landing.start/lang/de/component.php

Size: 5.91 kB Created: 2020-09-26 01:16:35 Modified: 2024-04-22 10:36:37 Dangers: 1
DescriptionMatch

Sign 301ca578 Line: 28 Dangerous

Malware Signature (hash: 301ca578)

Trojan

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/main.numerator.edit/templates/admin/template.php

Size: 312.00 B Created: 2020-09-26 01:16:52 Modified: 2024-04-22 10:36:38 Dangers: 1
DescriptionMatch

Exploit execution Line: 10 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"] . $this->GetFolder()

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog.post.comment/templates/.default/scripts_for_editor.php

Size: 15.25 kB Created: 2020-09-26 01:16:33 Modified: 2024-04-22 10:36:39 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(scripts[s].JS);
                        }
                    }

                    BX.ajax.processScripts(scriptstrue);
//                    commentEr object may be set in template
                    if(window.commentEr && window.commentEr == "Y")
                    {
                        BX('err_comment_'+this.id[1]).innerHTML data;
                    }
                    else
                    {
                        if(BX('edit_id').value 0)
                        {
                            var commentId 'blg-comment-'+this.id[1];
                            if(BX(commentId))
                            {
                                var newComment BX.create('div',{'html':data});    // tmp container for data
//                                paste resp...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog.post.comment/templates/.default/template.php

Size: 30.03 kB Created: 2021-03-31 19:52:22 Modified: 2024-04-22 10:36:39 Dangers: 3
DescriptionMatch

Exploit execution Line: 134 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/neweditor.php")

Exploit execution Line: 23 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 24 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/scripts_for_editor.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/forum.topic.active/component.php

Size: 18.38 kB Created: 2020-12-18 00:01:03 Modified: 2024-04-22 10:36:40 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 11 Warning

Double var technique is usually used for the obfuscation of malicious code

${$s}

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/main.map/component.php

Size: 5.84 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:36:40 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 157 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$full_path.".section.php")

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("return ".$CONDITION.";"))) continue; } $search_child false$search_path ''$full_path ''; if ($aMenu[1] <> '') { if(preg_match("'^(([A-Za-z]+://)|mailto:|javascript:)'i"$aMenu[1])) { $full_path $aMenu[1]; } else { $full_path trim(Rel2Abs(mb_substr($PARENT_PATHmb_strlen($_SERVER["DOCUMENT_ROOT"])), $aMenu[1])); $slash_pos mb_strrpos($full_path"/"); if ($slash_pos !== false) { $page mb_substr($full_path$slash_pos 1); if(($pos mb_strpos($page'?')) !== false$pag...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog.post.edit/templates/.default/template.php

Size: 21.56 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:36:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 242 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/neweditor.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog.post.edit/templates/.default/script.php

Size: 26.06 kB Created: 2020-09-26 01:16:51 Modified: 2024-04-22 10:36:41 Warns: 1
DescriptionMatch

Function eval Line: 140 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(thetag "_open");

    if (tagOpen == 0)
    {
        if (doInsert("[" thetag "]""[/" thetag "]"true))
        {
            eval(thetag "_open = 1");
            // Change the button status

            pushstack(bbtagsthetag);
            cstat();
        }
    }
    else
    {
        // Find the last occurance of the opened tag
        lastindex 0;

        for (bbtags.lengthi++ )
        {
            if ( bbtags[i] == thetag )
            {
                lastindex i;
            }
        }

        // Close all tags opened up to that tag was opened
        while (bbtags[lastindex])
        {
            tagR...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog.post.edit/templates/micro/template.php

Size: 4.44 kB Created: 2021-03-31 19:52:22 Modified: 2024-04-22 10:36:41 Dangers: 1
DescriptionMatch

Exploit execution Line: 69 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog.sections.top/component.php

Size: 17.92 kB Created: 2020-12-18 00:01:05 Modified: 2024-04-22 10:36:54 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 180 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php

Size: 9.56 kB Created: 2021-03-31 19:54:11 Modified: 2024-04-22 10:36:55 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("var result = " data "; "); }
            if (result['status'] == 'inprogress')
            {
                document.getElementById('photogallery_recalc').innerHTML result['text'];
                if (__this_source.bReady == false)
                {
                    document.getElementById('ButtonPhotoGalleryRecalcStart').disabled false;
                    document.getElementById('ButtonPhotoGalleryRecalcContinue').disabled false;
                    document.getElementById('ButtonPhotoGalleryRecalcStop').disabled true;
                }
                else
                {
                    document.getElementById(...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.bsm.site.master/tools/pushchecker.php

Size: 2.20 kB Created: 2020-09-26 01:16:49 Modified: 2024-04-22 10:36:58 Dangers: 1
DescriptionMatch

Exploit execution Line: 114 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.bsm.site.master/tools/modulechecker.php

Size: 3.04 kB Created: 2020-09-26 01:16:49 Modified: 2024-04-22 10:36:58 Dangers: 1
DescriptionMatch

Exploit execution Line: 119 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/main.user.link/component.php

Size: 19.45 kB Created: 2021-09-03 11:52:51 Modified: 2024-04-22 10:36:59 Dangers: 1
DescriptionMatch

Exploit execution Line: 445 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$folderPath."/card.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog.filter/component.php

Size: 32.92 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:36:59 Warns: 2
DescriptionMatch

Exploit double_var2 Line: 70 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

Exploit double_var2 Line: 73 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PREFILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/forum.index/class.php

Size: 16.85 kB Created: 2020-12-18 00:01:03 Modified: 2024-04-22 10:36:59 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 236 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PAGEN_NAME}

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.basket.order.ajax/component.php

Size: 38.65 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:37:01 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 556 Dangerous

Malware Signature (hash: 11413268)

eVal($_POST

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.basket.order.ajax/templates/.default/template.php

Size: 5.77 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:37:01 Dangers: 7
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_confirm.php")

Exploit execution Line: 27 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

Exploit execution Line: 28 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items_delay.php")

Exploit execution Line: 29 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items_notavail.php")

Exploit execution Line: 30 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items_subscribe.php")

Exploit execution Line: 44 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_person_type.php")

Exploit execution Line: 45 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_props.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/photogallery.detail.list/templates/slider_big/template.php

Size: 16.33 kB Created: 2021-03-31 19:52:27 Modified: 2024-04-22 10:37:01 Warns: 1
DescriptionMatch

Function eval Line: 338 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("div.onclick = function(e){jsUtils.PreventDefault(e); jsUtils.Redirect([], '" + res[ii].href + "');};");
        res[ii].parentNode.insertBefore(div, res[ii]);
        res[ii].onmouseover = function()
        {
            this.previousSibling.onshow();
            this.bxMouseOver = 'Y';
        };
        res[ii].onmouseout = function()
        {
            this.bxMouseOver = 'N';
            var __this = this;
            setTimeout(
                function()
                {
                    if (__this.previousSibling && __this.previousSibling.bxMouseOver != "Y")
                    {
                        __this.previousSibling...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/blog.post.comment.list/templates/.default/template.php

Size: 3.61 kB Created: 2020-09-26 01:16:37 Modified: 2024-04-22 10:37:01 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/forum.rules/lang/en/component.php

Size: 4.71 kB Created: 2020-09-26 01:16:49 Modified: 2024-04-22 10:37:02 Dangers: 1
DescriptionMatch

Sign 407651f7 Line: 27 Dangerous

Malware Signature (hash: 407651f7)

warez

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/main.ui.grid/templates/.default/template.php

Size: 48.31 kB Created: 2021-11-19 17:07:49 Modified: 2024-04-22 10:37:04 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(<?=CUtil::phpToJSObject($arResult["DATA_FOR_EDIT"])?>);
        var defaultColumns = eval(<?=CUtil::phpToJSObject($arResult["DEFAULT_COLUMNS"])?>);
        var Grid = BX.Main.gridManager.getById('<?=\CUtil::JSEscape($arParams["GRID_ID"])?>');
        var messages = eval(<?=CUtil::phpToJSObject($arResult["MESSAGES"])?>);

        Grid = Grid ? Grid.instance : null;

        if (Grid)
        {
            Grid.arParams.DEFAULT_COLUMNS = defaultColumns;
            Grid.arParams.MESSAGES = messages;

            Object.keys(editableData).forEach(function...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog.smart.filter/component.php

Size: 29.58 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:37:05 Warns: 2
DescriptionMatch

Exploit double_var2 Line: 23 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PREFILTER_NAME}

Exploit double_var2 Line: 578 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/photogallery/templates/.default/bitrix/blog.post.comment/photogallery/template.php

Size: 29.88 kB Created: 2021-03-31 19:52:27 Modified: 2024-04-22 10:37:10 Dangers: 1
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.location.selector.system/templates/.default/template.php

Size: 17.99 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:37:11 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system(<?=CUtil::PhpToJSObject(array( 'scope' => 'slss-'.intval($arResult['RANDOM_TAG']), 'source' => $component->getPath().'/get.php', 'query' => array( 'BEHAVIOUR' => array( 'LANGUAGE_ID' => LANGUAGE_ID ), ), 'editUrl' => '?'.implode('&', $urlComponents), 'parentTagId' => intval($arResult['RANDOM_TAG']), 'useCodes' => $arResult['USE_CODES'], 'types' => $arResult['TYPES'], 'startSearchLen' => $component::START_SEARCH_LEN, 'pageSize' => $component::PAGE_SIZE, 'hugeTailLen' => $component::HUGE_TA...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog.link.list/component.php

Size: 1.13 kB Created: 2020-12-18 00:01:05 Modified: 2024-04-22 10:37:11 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 19 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FN}

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.ajax.delivery.calculator/templates/input/ajax.php

Size: 864.00 B Created: 2020-09-26 01:16:38 Modified: 2024-04-22 10:37:11 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 15 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.ajax.delivery.calculator/templates/.default/ajax.php

Size: 0.99 kB Created: 2020-09-26 01:16:38 Modified: 2024-04-22 10:37:11 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 15 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog.element/templates/store_v3/template.php

Size: 63.33 kB Created: 2021-11-19 17:07:39 Modified: 2024-04-22 10:37:14 Dangers: 1
DescriptionMatch

Exploit clever_include Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE' => $arParams['PRICE_VAT_INCLUDE'], 'CONVERT_CURRENCY' => $arParams['CONVERT_CURRENCY'], 'BASKET_URL' => $arParams['BASKET_URL'], 'ADD_PROPERTIES_TO_BASKET' => $arParams['ADD_PROPERTIES_TO_BASKET'], 'PRODUCT_PROPS_VARIABLE' => $arParams['PRODUCT_PROPS_VARIABLE'], 'PARTIAL_PRODUCT_PROPERTIES' => $arParams['PARTIAL_PRODUCT_PROPERTIES'], 'USE_PRODUCT_QUANTITY' => 'N', 'PRODUCT_QUANTITY_VARIABLE' => $arParams['PRODUCT_QUANTITY_VARIABLE'], 'CACHE_GROUPS' => $arParams['CACHE_GROUPS'], 'POTENTI...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog.element/templates/.default/template.php

Size: 64.42 kB Created: 2021-11-19 17:07:39 Modified: 2024-04-22 10:37:14 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1132 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE' => $arParams['PRICE_VAT_INCLUDE'],
                                'CONVERT_CURRENCY' => $arParams['CONVERT_CURRENCY'],
                                'BASKET_URL' => $arParams['BASKET_URL'],
                                'ADD_PROPERTIES_TO_BASKET' => $arParams['ADD_PROPERTIES_TO_BASKET'],
                                'PRODUCT_PROPS_VARIABLE' => $arParams['PRODUCT_PROPS_VARIABLE'],
                                'PARTIAL_PRODUCT_PROPERTIES' => $arParams['PARTIAL_PRODUCT_PROPERTIES'],
                                'USE_PRODUCT_QUANTITY' => 'N',
                                'PRODUCT_QUANTITY_VARIABLE' => $arParams['PRODUCT_QUANTITY_VARIABLE'...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog.element/templates/bootstrap_v4/template.php

Size: 64.53 kB Created: 2021-11-19 17:07:39 Modified: 2024-04-22 10:37:14 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1167 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE' => $arParams['PRICE_VAT_INCLUDE'],
                        'CONVERT_CURRENCY' => $arParams['CONVERT_CURRENCY'],
                        'BASKET_URL' => $arParams['BASKET_URL'],
                        'ADD_PROPERTIES_TO_BASKET' => $arParams['ADD_PROPERTIES_TO_BASKET'],
                        'PRODUCT_PROPS_VARIABLE' => $arParams['PRODUCT_PROPS_VARIABLE'],
                        'PARTIAL_PRODUCT_PROPERTIES' => $arParams['PARTIAL_PRODUCT_PROPERTIES'],
                        'USE_PRODUCT_QUANTITY' => 'N',
                        'PRODUCT_QUANTITY_VARIABLE' => $arParams['PRODUCT_QUANTITY_VARIABLE'],
                        'CACH...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.basket.basket/1.php

Size: 56.68 kB Created: 2020-09-26 01:16:25 Modified: 2024-05-29 18:59:57 Warns: 1 Dangers: 1
DescriptionMatch

Exploit nano Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]


Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]


/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog/templates/store_v3/section.php

Size: 2.46 kB Created: 2021-09-03 11:53:52 Modified: 2024-04-22 10:37:20 Dangers: 1
DescriptionMatch

Exploit execution Line: 74 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/".$this->GetFolder()

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog/templates/.default/section.php

Size: 2.44 kB Created: 2020-09-26 01:16:37 Modified: 2024-04-22 10:37:21 Dangers: 1
DescriptionMatch

Exploit execution Line: 76 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/".$this->GetFolder()

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog/templates/bootstrap_v4/section.php

Size: 2.46 kB Created: 2020-09-26 01:16:37 Modified: 2024-04-22 10:37:21 Dangers: 1
DescriptionMatch

Exploit execution Line: 74 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/".$this->GetFolder()

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.crm.site.master/tools/pushchecker.php

Size: 2.27 kB Created: 2021-03-31 19:52:33 Modified: 2024-04-22 10:37:22 Dangers: 1
DescriptionMatch

Exploit execution Line: 119 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.crm.site.master/tools/modulechecker.php

Size: 5.15 kB Created: 2021-03-31 19:52:33 Modified: 2024-04-22 10:37:22 Dangers: 1
DescriptionMatch

Exploit execution Line: 141 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sender.message.editor/templates/.default/template.php

Size: 14.59 kB Created: 2021-11-19 17:08:05 Modified: 2024-04-22 10:37:23 Dangers: 1
DescriptionMatch

Exploit nano Line: 174 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$option['view']()

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/main.mail.form/templates/.default/template.php

Size: 20.02 kB Created: 2021-11-19 17:07:56 Modified: 2024-04-22 10:37:23 Dangers: 1
DescriptionMatch

Exploit nano Line: 288 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$field['render']($field)

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/report.construct/templates/admin/template.php

Size: 40.03 kB Created: 2021-03-31 19:52:40 Modified: 2024-04-22 10:37:27 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(ySelects[i].name))
            {
                colId = match[1];
                if (colId !== null && yColumnsIndexes[colId] !== null)
                    setSelectValue(ySelects[i], yColumnsIndexes[colId]);
            }
        }
        var chartCheckbox = BX('report-chart-display-checkbox');
        if (chartCheckbox)
        {
            BX.bind(chartCheckbox, 'click', function () {
                var chartSwitchBlock = BX('report-chart-switch');
                var chartParamsBlock = BX('report-chart-params');
                if (chartSwitchBlock)
                {
                    if (this.checked) BX.addClass(chartSwitchBloc...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/report.construct/templates/.default/template.php

Size: 40.31 kB Created: 2021-03-31 19:52:40 Modified: 2024-04-22 10:37:27 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(ySelects[i].name))
            {
                colId = match[1];
                if (colId !== null && yColumnsIndexes[colId] !== null)
                    setSelectValue(ySelects[i], yColumnsIndexes[colId]);
            }
        }
        var chartCheckbox = BX('report-chart-display-checkbox');
        if (chartCheckbox)
        {
            BX.bind(chartCheckbox, 'click', function () {
                var chartSwitchBlock = BX('report-chart-switch');
                var chartParamsBlock = BX('report-chart-params');
                if (chartSwitchBlock)
                {
                    if (this.checked) BX.addClass(chartSwitchBloc...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/b24connector.button.list/ajax.php

Size: 3.74 kB Created: 2020-09-26 01:16:51 Modified: 2024-04-22 10:37:27 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { $this->request = Context::getCurrent()->getRequest(); $this->action = $this->request->get('action'); $this->prepareRequestData(); if($this->check()) { call_user_func_array($this->getActionCall(), array($this->requestData)); } $this->giveResponse(); } } $controller = new B24CButtonListAjaxController(); $controller->exec()

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog.comments/templates/.default/bitrix/blog.post.comment/adapt/scripts_for_editor.php

Size: 14.80 kB Created: 2020-09-26 01:16:35 Modified: 2024-04-22 10:37:28 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(scripts[s].JS);
                        }
                    }

                    BX.ajax.processScripts(scripts, true);
//                    commentEr object may be set in template
                    if(window.commentEr && window.commentEr == "Y")
                    {
                        BX('err_comment_'+this.id[1]).innerHTML = data;
                    }
                    else
                    {
                        if(BX('edit_id').value > 0)
                        {
                            var commentId = 'blg-comment-'+this.id[1];
                            if(BX(commentId))
                            {
                                var newComment = BX.create('div',{'html':data});    // tmp container for data
//                                paste resp...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/catalog.comments/templates/.default/bitrix/blog.post.comment/adapt/template.php

Size: 31.76 kB Created: 2020-12-18 00:01:05 Modified: 2024-04-22 10:37:28 Dangers: 3
DescriptionMatch

Exploit execution Line: 185 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/neweditor.php")

Exploit execution Line: 29 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 30 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/scripts_for_editor.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/forum.topic.list/component.php

Size: 23.88 kB Created: 2020-12-18 00:01:03 Modified: 2024-04-22 10:37:30 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 244 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PAGEN_NAME}

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.notice.product/templates/.default/template.php

Size: 7.43 kB Created: 2020-09-26 01:16:28 Modified: 2024-04-22 10:37:34 Warns: 1
DescriptionMatch

Function eval Line: 130 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+res+')' );

                            if (rs['ERRORS'].length > 0)
                            {
                                if (rs['ERRORS'] == 'NOTIFY_ERR_NULL')
                                    BX('popup_n_error').innerHTML = '<?=GetMessageJS('NOTIFY_ERR_NULL')?>';
                                else if (rs['ERRORS'] == 'NOTIFY_ERR_CAPTHA')
                                    BX('popup_n_error').innerHTML = '<?=GetMessageJS('NOTIFY_ERR_CAPTHA')?>';
                                else if (rs['ERRORS'] == 'NOTIFY_ERR_MAIL_EXIST')
                                {
                                    BX('popup_n_error').innerHTML = '<?=GetMessageJS('NOTIFY_ERR_MAIL_BUYERS_EXIST')?>';
                        ...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/photogallery.detail.list.ex/templates/.default/template.php

Size: 12.71 kB Created: 2021-11-19 17:07:51 Modified: 2024-04-22 10:37:34 Warns: 1
DescriptionMatch

Exploit infected_comment Line: 110 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

/*width*/

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/photogallery.detail.list.ex/templates/.default/bitrix/blog.post.comment/photogallery/template.php

Size: 18.81 kB Created: 2021-03-31 19:52:27 Modified: 2024-04-22 10:37:34 Dangers: 2
DescriptionMatch

Exploit execution Line: 144 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

Exploit execution Line: 30 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/report.view/templates/admin/template.php

Size: 55.11 kB Created: 2021-09-03 11:54:25 Modified: 2024-04-22 10:37:38 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('response = ' + data);
                if (response)
                {
                    if (response.imageData)
                    {
                        if (response.imageData.substr(0,10) === 'data:image')
                        {
                            img = BX('report-chart-image');
                            img.src = response.imageData;
                            if (response.legendInfo)
                            {
                                var legendContainer = BX('report-chart-legend-container');
                                var legendRowExample = BX('report-chart-legend-row-example');
                                var chartType = requestData['type'];
                                var legendNewRow, legendStick, legend...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/mobileapp.menu/templates/.default/template.php

Size: 12.57 kB Created: 2020-09-26 01:16:32 Modified: 2024-04-22 10:37:39 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec("showAuthForm");
                }
            }
    <?endif;
?>

    if(BX.PULL)
    {
        BX.addCustomEvent("onPullExtendWatch", function(data) {
            BX.PULL.extendWatch(data.id);
        });

        BX.addCustomEvent("thisPageWillDie", function(data) {
            BX.PULL.clearWatch(data.page_id);
        });

        BX.addCustomEvent("onPullEvent", function (module_id, command, params)
        {
            if (module_id == 'main' && (command == 'user_authorize' || command == 'user_logout' || command == 'online_list'))
            {
                //app.onCustomEvent('onPullOnline', {...

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.location.import/templates/admin/template.php

Size: 13.06 kB Created: 2021-09-03 11:54:46 Modified: 2024-04-22 10:37:39 Dangers: 1
DescriptionMatch

Sign 7830f7a6 Line: 11 Dangerous

Malware Signature (hash: 7830f7a6)

nc-l

/var/www/lesiak/lesia.ua/bitrix/components/bitrix/sale.location.import/templates/.default/template.php

Size: 15.64 kB Created: 2020-09-26 01:16:19 Modified: 2024-04-22 10:37:39 Dangers: 1
DescriptionMatch

Sign 7830f7a6 Line: 11 Dangerous

Malware Signature (hash: 7830f7a6)

nc-l

/var/www/lesiak/lesia.ua/bitrix/gadgets/bitrix/weather/.description.php

Size: 140.00 B Created: 2020-09-26 01:21:02 Modified: 2024-04-22 10:37:42 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/weather/lang/ru/exec/.description.php')

/var/www/lesiak/lesia.ua/bitrix/gadgets/bitrix/weather/.parameters.php

Size: 103.00 B Created: 2020-09-26 01:21:02 Modified: 2024-04-22 10:37:42 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/weather/lang/ru/exec/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/gadgets/bitrix/weather/index.php

Size: 97.00 B Created: 2020-09-26 01:21:02 Modified: 2024-04-22 10:37:42 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/weather/lang/ru/exec/index.php')

/var/www/lesiak/lesia.ua/bitrix/gadgets/bitrix/admin_info/index.php

Size: 2.14 kB Created: 2020-09-26 01:21:02 Modified: 2024-04-22 10:37:42 Dangers: 1
DescriptionMatch

Exploit execution Line: 6 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/.config.php")

/var/www/lesiak/lesia.ua/bitrix/gadgets/bitrix/probki/.description.php

Size: 139.00 B Created: 2020-09-26 01:21:02 Modified: 2024-04-22 10:37:43 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/probki/lang/ru/exec/.description.php')

/var/www/lesiak/lesia.ua/bitrix/gadgets/bitrix/probki/.parameters.php

Size: 102.00 B Created: 2020-09-26 01:21:02 Modified: 2024-04-22 10:37:43 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/probki/lang/ru/exec/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/gadgets/bitrix/probki/index.php

Size: 96.00 B Created: 2020-09-26 01:21:02 Modified: 2024-04-22 10:37:43 Dangers: 1
DescriptionMatch

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/gadgets/bitrix/probki/lang/ru/exec/index.php')

/var/www/lesiak/lesia.ua/bitrix/gadgets/bitrix/admin_security/index.php

Size: 4.51 kB Created: 2021-09-03 11:53:43 Modified: 2024-04-22 10:37:43 Dangers: 1
DescriptionMatch

Exploit execution Line: 40 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/security/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/include/error_module_license.php

Size: 540.00 B Created: 2021-04-16 10:31:21 Modified: 2024-04-22 10:37:59 Dangers: 1
DescriptionMatch

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/sale.gift.main.products/main/template.php

Size: 6.74 kB Created: 2021-04-16 10:31:21 Modified: 2024-04-22 10:38:01 Dangers: 2
DescriptionMatch

Exploit clever_include Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"], "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"], "CURRENCY_ID" => $arParams["CURRENCY_ID"], "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"], "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""), "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""), "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""), "OFFER_ADD_PICT_PROP" => (isset($arPara...

Exploit clever_include Line: 78 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
                        "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
                        "CURRENCY_ID" => $arParams["CURRENCY_ID"],
                        "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"],
                        "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""),
                        "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""),
                        "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""),
    ...

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/news.detail/news/component_epilog.php

Size: 46.84 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:02 Dangers: 1
DescriptionMatch

Exploit execution Line: 1281 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main2/component_epilog.php

Size: 65.41 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:04 Dangers: 2
DescriptionMatch

Exploit execution Line: 1385 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1471 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main2/template.php

Size: 79.56 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:04 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1432 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main3/component_epilog.php

Size: 65.41 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:05 Dangers: 2
DescriptionMatch

Exploit execution Line: 1385 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1471 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main3/template.php

Size: 81.54 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:05 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1453 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main4/component_epilog.php

Size: 65.41 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:05 Dangers: 2
DescriptionMatch

Exploit execution Line: 1385 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1471 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main4/template.php

Size: 80.74 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:05 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1438 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main/component_epilog.php

Size: 61.57 kB Created: 2021-04-16 10:31:21 Modified: 2024-04-22 10:38:05 Dangers: 2
DescriptionMatch

Exploit execution Line: 1388 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1474 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main/template.php

Size: 80.73 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:05 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1485 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main5/component_epilog.php

Size: 65.41 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:05 Dangers: 2
DescriptionMatch

Exploit execution Line: 1385 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1471 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.element/main5/template.php

Size: 82.13 kB Created: 2021-04-16 10:31:22 Modified: 2024-04-22 10:38:05 Dangers: 1
DescriptionMatch

Exploit clever_include Line: 1462 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/sale.basket.basket/top_hover/template.php

Size: 6.00 kB Created: 2021-04-16 10:31:21 Modified: 2024-04-22 10:38:05 Dangers: 3
DescriptionMatch

Exploit execution Line: 35 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

Exploit execution Line: 51 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 55 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/sale.basket.basket/fly/template.php

Size: 12.60 kB Created: 2021-04-16 10:31:21 Modified: 2024-04-22 10:38:05 Dangers: 3
DescriptionMatch

Exploit execution Line: 125 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 129 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

Exploit execution Line: 81 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.comments/main/bitrix/blog.post.comment/adapt/template.php

Size: 30.93 kB Created: 2021-04-16 10:31:21 Modified: 2024-04-22 10:38:06 Dangers: 2
DescriptionMatch

Exploit execution Line: 197 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

Exploit execution Line: 20 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/catalog.comments/catalog/bitrix/blog.post.comment/adapt/template.php

Size: 34.00 kB Created: 2021-04-16 10:31:21 Modified: 2024-04-22 10:38:06 Dangers: 2
DescriptionMatch

Exploit execution Line: 25 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 263 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/components/bitrix/search.form/top/template.php

Size: 611.00 B Created: 2021-04-16 10:31:21 Modified: 2024-04-22 10:38:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/search.title.catalog2.php')

/var/www/lesiak/lesia.ua/bitrix/tmp/templates/__bx_preview/ajax/form.php

Size: 4.25 kB Created: 2021-04-16 10:31:21 Modified: 2024-04-22 10:38:08 Dangers: 1
DescriptionMatch

Exploit execution Line: 31 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$url_sizes)

/var/www/lesiak/lesia.ua/bitrix/backup/index.php

Size: 80.00 B Created: 2020-09-29 15:32:42 Modified: 2024-04-22 10:40:59 Dangers: 1
DescriptionMatch

Sign 0f37c730 Line: 1 Dangerous

Malware Signature (hash: 0f37c730)

meta http-equiv="REFRESH" content="0;

/var/www/lesiak/lesia.ua/.htaccess

Size: 7.83 kB Created: 2024-04-22 20:28:47 Modified: 2024-04-22 20:28:37 Dangers: 1
DescriptionMatch

Exploit file_prepend Line: 18 Dangerous

LFI (Local File Inclusion), prepending a file at the bottom of every others PHP files, allow remote attackers to inject and execute arbitrary commands or code on the target machine

php_value auto_prepend_file

/var/www/lesiak/lesia.ua/ajax/form.php

Size: 4.83 kB Created: 2021-03-01 14:07:48 Modified: 2024-04-22 10:34:17 Dangers: 1
DescriptionMatch

Exploit execution Line: 33 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$url_sizes)