Report

Version: 0.10.4
Scan date: 2024-05-29 19:25:11
Files analyzed: 67174 | Files infected: 738

/var/www/lesiak/lesia.ua/include/error_module_license.php

Size: 540.00 B Created: 2020-09-26 01:23:25 Modified: 2024-04-22 10:42:17 Dangers: 1
Description | Match

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

/var/www/lesiak/lesia.ua/site_hz/include/error_module_license.php

Size: 540.00 B Created: 2020-09-26 01:22:07 Modified: 2024-04-22 10:42:18 Dangers: 1
Description | Match

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

/var/www/lesiak/lesia.ua/site_hz/ajax/form.php

Size: 4.25 kB Created: 2020-09-26 01:22:07 Modified: 2024-04-22 10:42:19 Dangers: 1
Description | Match

Exploit execution Line: 31 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$url_sizes)

/var/www/lesiak/lesia.ua/bitrix/coupon_activation.php

Size: 16.28 kB Created: 2021-09-03 11:53:03 Modified: 2024-04-22 10:34:18 Dangers: 1
Description | Match

Exploit execution Line: 143 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/redsign/easycart/gopro/template.php

Size: 6.66 kB Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:19 Dangers: 4
Description | Match

Exploit execution Line: 32 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/viewed_products.php")

Exploit execution Line: 44 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/compare.php")

Exploit execution Line: 53 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/favorite.php")

Exploit execution Line: 62 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.product.subscribe.list/gopro/component_epilog.php

Size: 227.00 B Created: 2020-09-26 01:17:49 Modified: 2024-04-22 10:34:19 Dangers: 1
Description | Match

Exploit execution Line: 7 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/template_ext/catalog.section/gopro/component_epilog.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.product.subscribe.list/gopro/template.php

Size: 6.20 kB Created: 2020-09-26 01:17:49 Modified: 2024-04-22 10:34:19 Dangers: 1
Description | Match

Exploit execution Line: 151 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/template_ext/catalog.section/gopro/template.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.product.subscribe.list/gopro/result_modifier.php

Size: 318.00 B Created: 2020-09-26 01:17:49 Modified: 2024-04-22 10:34:19 Dangers: 1
Description | Match

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/template_ext/catalog.section/gopro/result_modifier.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/sale.order.ajax/gopro/props.php

Size: 5.08 kB Created: 2020-09-26 01:17:50 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/sale.order.ajax/gopro/related_props.php

Size: 471.00 B Created: 2020-09-26 01:17:50 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/props_format.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/news.detail/brands/component_epilog.php

Size: 301.00 B Created: 2020-09-26 01:17:50 Modified: 2024-04-22 10:34:20 Warns: 1
Description | Match

Exploit double_var2 Line: 7 Warning

Double var technique is usually used for the obfuscation of malicious code

${$filterName}

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.smart.filter/gopro/ajax.php

Size: 1.05 kB Created: 2020-09-26 01:17:50 Modified: 2024-04-22 10:34:20 Warns: 1
Description | Match

Exploit double_var2 Line: 17 Warning

Double var technique is usually used for the obfuscation of malicious code

${$FILTER_NAME}

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/sale.basket.basket/rs_easycart/template.php

Size: 657.00 B Created: 2020-09-26 01:17:49 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 10 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$templateFolder.'/basket_items.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/component_epilog.php

Size: 410.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/component_epilog.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/.parameters.php

Size: 189.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 4 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/template.php

Size: 3.06 kB Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 101 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/template.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/result_modifier.php

Size: 448.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/result_modifier.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/lang/ru/.parameters.php

Size: 124.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/ru/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/lang/ru/template.php

Size: 121.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/ru/template.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/lang/en/.parameters.php

Size: 124.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/en/.parameters.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/redsign/proopt/site/templates/proopt/components/bitrix/catalog.bigdata.products/gopro/lang/en/template.php

Size: 121.00 B Created: 2020-09-26 01:17:57 Modified: 2024-04-22 10:34:20 Dangers: 1
Description | Match

Exploit execution Line: 2 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_TEMPLATE_PATH.'/components/bitrix/catalog.section/gopro/lang/en/template.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.gift.main.products/main/template.php

Size: 6.74 kB Created: 2020-09-26 01:18:18 Modified: 2024-04-22 10:34:28 Dangers: 2
Description | Match

Exploit clever_include Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"], "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"], "CURRENCY_ID" => $arParams["CURRENCY_ID"], "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"], "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""), "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""), "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""), "OFFER_ADD_PICT_PROP" => (isset($arPara...

Exploit clever_include Line: 78 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"],
"TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""),
"ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""),
"LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""),
...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/news.detail/news/component_epilog.php

Size: 46.99 kB Created: 2021-11-20 12:57:52 Modified: 2024-04-22 10:34:28 Dangers: 1
Description | Match

Exploit execution Line: 1285 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/component_epilog.php

Size: 68.33 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1404 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1532 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/template.php

Size: 89.22 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1623 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1395 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1481 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/template.php

Size: 90.81 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1619 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1396 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1482 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/template.php

Size: 90.38 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1611 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main/component_epilog.php

Size: 62.38 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1395 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1481 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main/template.php

Size: 89.71 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1660 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main5/component_epilog.php

Size: 66.25 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:34:29 Dangers: 2
Description | Match

Exploit execution Line: 1396 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1482 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main5/template.php

Size: 91.74 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit clever_include Line: 1633 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"CURRENCY_ID" => $arParams["CURRENCY_ID"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main5/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:34:29 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.basket.basket/top_hover/template.php

Size: 5.98 kB Created: 2021-11-20 12:57:55 Modified: 2024-04-22 10:34:29 Dangers: 3
Description | Match

Exploit execution Line: 35 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

Exploit execution Line: 51 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 55 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.basket.basket/fly/template.php

Size: 12.60 kB Created: 2021-11-20 12:57:55 Modified: 2024-04-22 10:34:29 Dangers: 3
Description | Match

Exploit execution Line: 125 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder.$arElement["FILE"])

Exploit execution Line: 129 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

Exploit execution Line: 81 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/functions.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.comments/main/bitrix/blog.post.comment/adapt/template.php

Size: 30.93 kB Created: 2020-09-26 01:18:16 Modified: 2024-04-22 10:34:30 Dangers: 2
Description | Match

Exploit execution Line: 197 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

Exploit execution Line: 20 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.comments/catalog/bitrix/blog.post.comment/adapt/template.php

Size: 34.00 kB Created: 2021-03-01 14:07:48 Modified: 2024-04-22 10:34:30 Dangers: 2
Description | Match

Exploit execution Line: 25 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 263 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/templates/aspro_max/components/bitrix/search.form/top/template.php

Size: 611.00 B Created: 2020-09-26 01:18:16 Modified: 2024-04-22 10:34:30 Dangers: 1
Description | Match

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/search.title.catalog2.php')

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/public/ru/include/error_module_license.php

Size: 540.00 B Created: 2020-09-26 01:18:14 Modified: 2024-04-22 10:34:30 Dangers: 1
DescriptionMatch

Exploit execution Line: 1 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/aspro/max/site/public/ru/ajax/form.php

Size: 4.83 kB Created: 2021-03-01 14:07:48 Modified: 2024-04-22 10:34:30 Dangers: 1
DescriptionMatch

Exploit execution Line: 33 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].$url_sizes)

/var/www/lesiak/lesia.ua/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/download/download.php

Size: 2.02 kB Created: 2020-09-26 01:17:48 Modified: 2024-04-22 10:34:32 Dangers: 2
DescriptionMatch

Exploit execution Line: 36 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

Exploit execution Line: 72 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/404.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/download/download_private/download_private.php

Size: 3.58 kB Created: 2020-09-26 01:17:48 Modified: 2024-04-22 10:34:32 Dangers: 1
DescriptionMatch

Exploit execution Line: 129 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/404.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/download/download_balance.php

Size: 2.91 kB Created: 2020-09-26 01:17:48 Modified: 2024-04-22 10:34:32 Dangers: 2
DescriptionMatch

Exploit execution Line: 50 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php")

Exploit execution Line: 98 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/404.php")

/var/www/lesiak/lesia.ua/bitrix/wizards/bitrix/demo/scripts/template.php

Size: 15.72 kB Created: 2020-09-26 01:17:48 Modified: 2024-04-22 10:34:33 Warns: 1
DescriptionMatch

Function eval Line: 462 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(response);
            }

            CAjaxForm.prototype.ShowError = function(errorMessage)
            {
                var errorContainer = document.getElementById("error_container");
                var errorText = document.getElementById("error_text");
                if (!errorContainer || !errorText)
                    return;

                var waitWindow = document.getElementById("wait");
                if (waitWindow)
                    waitWindow.style.display = "none";

                errorContainer.style.display = 'block';
                errorText.innerHTML = strip_tags(errorMessage);

                var retryButton = ...

/var/www/lesiak/lesia.ua/bitrix/admin/cat_section_admin.php

Size: 129.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_section_admin.php")

/var/www/lesiak/lesia.ua/bitrix/admin/cat_product_admin.php

Size: 129.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_element_admin.php")

/var/www/lesiak/lesia.ua/bitrix/admin/cat_product_edit.php

Size: 128.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_element_edit.php")

/var/www/lesiak/lesia.ua/bitrix/admin/cat_product_list.php

Size: 126.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_list_admin.php")

/var/www/lesiak/lesia.ua/bitrix/admin/cat_section_edit.php

Size: 128.00 B Created: 2020-09-26 01:17:41 Modified: 2024-04-22 10:34:34 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/iblock/admin/iblock_section_edit.php")

/var/www/lesiak/lesia.ua/bitrix/managed_cache/MYSQL/b_option/50/50e86f69102f2636b841acbcfd284541.php

Size: 1.09 kB Created: 2020-12-23 20:17:44 Modified: 2024-04-22 10:34:36 Dangers: 1
DescriptionMatch

Sign b236d073 Line: 5 Dangerous

Malware Signature (hash: b236d073)

/*;*/

/var/www/lesiak/lesia.ua/bitrix/managed_cache/MYSQL/security/site_checker/fe/fe281fe196231c8d5d04f39a286c1fd5.php

Size: 18.30 kB Created: 2020-12-23 19:26:32 Modified: 2024-04-22 10:34:36 Dangers: 1
DescriptionMatch

Sign 7186bb8d Line: 16 Dangerous

Malware Signature (hash: 7186bb8d)

rwxrwxrwx

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/index.php

Size: 21.20 kB Created: 2021-09-03 11:54:16 Modified: 2024-04-22 10:34:46 Dangers: 1
DescriptionMatch

Exploit execution Line: 456 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/blog/install/events/set_events.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_old_version/bitrix/blog.post.comment/.default/template.php

Size: 21.48 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:46 Dangers: 1
DescriptionMatch

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_old_version/bitrix/blog.post.edit/.default/template.php

Size: 24.73 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:46 Dangers: 1
DescriptionMatch

Exploit execution Line: 369 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/template.php

Size: 21.26 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:47 Dangers: 1
DescriptionMatch

Exploit execution Line: 5 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/script.php

Size: 11.35 kB Created: 2020-09-26 01:20:22 Modified: 2024-04-22 10:34:47 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(thetag + "_open");

    if (tagOpen == 0)
    {
        if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
        {
            eval(thetag + "_open = 1");
            // Change the button status

            pushstack(bbtags, thetag);
            cstat();
        }
    }
    else
    {
        // Find the last occurance of the opened tag
        lastindex = 0;

        for (i = 0; i < bbtags.length; i++ )
        {
            if ( bbtags[i] == thetag )
            {
                lastindex = i;
            }
        }

        // Close all tags opened up to that tag was opened
        while (bbtags[lastindex])
        {
            tagR...

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/template.php

Size: 23.17 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:47 Dangers: 1
DescriptionMatch

Exploit execution Line: 367 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/script.php

Size: 22.93 kB Created: 2020-09-26 01:20:22 Modified: 2024-04-22 10:34:47 Warns: 1
DescriptionMatch

Function eval Line: 97 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(thetag + "_open");

    if (tagOpen == 0)
    {
        if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
        {
            eval(thetag + "_open = 1");
            // Change the button status

            pushstack(bbtags, thetag);
            cstat();
        }
    }
    else
    {
        // Find the last occurance of the opened tag
        lastindex = 0;

        for (i = 0; i < bbtags.length; i++ )
        {
            if ( bbtags[i] == thetag )
            {
                lastindex = i;
            }
        }

        // Close all tags opened up to that tag was opened
        while (bbtags[lastindex])
        {
            tagR...

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.comment/templates/.default/scripts_for_editor.php

Size: 15.25 kB Created: 2020-09-26 01:20:15 Modified: 2024-04-22 10:34:47 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(scripts[s].JS);
                        }
                    }

                    BX.ajax.processScripts(scripts, true);
//                    commentEr object may be set in template
                    if(window.commentEr && window.commentEr == "Y")
                    {
                        BX('err_comment_'+this.id[1]).innerHTML = data;
                    }
                    else
                    {
                        if(BX('edit_id').value 0)
                        {
                            var commentId = 'blg-comment-'+this.id[1];
                            if(BX(commentId))
                            {
                                var newComment = BX.create('div',{'html':data});    // tmp container for data
//                                paste resp...

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.comment/templates/.default/template.php

Size: 30.03 kB Created: 2021-03-31 19:52:23 Modified: 2024-04-22 10:34:47 Dangers: 3
DescriptionMatch

Exploit execution Line: 134 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/neweditor.php")

Exploit execution Line: 23 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

Exploit execution Line: 24 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/scripts_for_editor.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.edit/templates/.default/template.php

Size: 21.56 kB Created: 2021-09-03 11:54:17 Modified: 2024-04-22 10:34:47 Dangers: 1
DescriptionMatch

Exploit execution Line: 242 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/neweditor.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.edit/templates/.default/script.php

Size: 26.06 kB Created: 2020-09-26 01:20:23 Modified: 2024-04-22 10:34:47 Warns: 1
DescriptionMatch

Function eval Line: 140 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval(thetag + "_open");

    if (tagOpen == 0)
    {
        if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
        {
            eval(thetag + "_open = 1");
            // Change the button status

            pushstack(bbtags, thetag);
            cstat();
        }
    }
    else
    {
        // Find the last occurance of the opened tag
        lastindex = 0;

        for (i = 0; i < bbtags.length; i++ )
        {
            if ( bbtags[i] == thetag )
            {
                lastindex = i;
            }
        }

        // Close all tags opened up to that tag was opened
        while (bbtags[lastindex])
        {
            tagR...

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.edit/templates/micro/template.php

Size: 4.44 kB Created: 2021-03-31 19:52:22 Modified: 2024-04-22 10:34:47 Dangers: 1
DescriptionMatch

Exploit execution Line: 69 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

/var/www/lesiak/lesia.ua/bitrix/modules/blog/install/components/bitrix/blog.post.comment.list/templates/.default/template.php

Size: 3.61 kB Created: 2020-09-26 01:20:15 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/reports/invoice.php

Size: 252.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/reports/invoice.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/reports/factura.php

Size: 252.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/reports/factura.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/reports/waybill.php

Size: 252.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/reports/waybill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/reports/order_form.php

Size: 258.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/reports/order_form.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/general/sale_report_helper.php

Size: 110.73 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:48 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 972 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/install/version.php")

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( 'function ___dbCastIntToChar($dbtype, $param)'.'{'.'   $result = $param;'.'   if (ToLower($dbtype) === "mssql")'.'   {'.'       $result = "CAST(".$param." AS VARCHAR)";'.'   }'.'   return $result;'.'}' ); } if (self::$bUsePriceTypesColumns) { foreach (self::$priceTypes as $id => $info) { if ($info['selected'] === true) { $fieldName = 'PRICE_TYPE_'.$id; $runtime[$fieldName] = array( 'data_type' => 'string', 'expression' => array('
                (SELECT '.$DB->Concat(___dbCastIntToChar($DBType...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/general/discount.php

Size: 54.51 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:48 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('$checkOrder='.$strUnpack.';'); if (!is_callable($checkOrder)) return false; $boolRes = $checkOrder($arOrder); unset($checkOrder); return $boolRes; } protected static function __ApplyActions(&$arOrder, $strActions) { $applyOrder = null; if (!empty($strActions)) { eval('$applyOrder='.$strActions.';'); if (is_callable($applyOrder)) $applyOrder($arOrder); } } protected static function __ConvertOldFormat($strAction, &$arFields) { global $APPLICATION; $arMsg = array(); $boolResult = true; $arNee...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/russianpost/country.php

Size: 203.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/russianpost/country.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_kaz_post.php

Size: 199.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_kaz_post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_russianpost.php

Size: 205.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_russianpost.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_rus_post.php

Size: 199.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_rus_post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_pecom.php

Size: 193.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_pecom.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_ua_post.php

Size: 197.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_ua_post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_ems.php

Size: 189.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_ems.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_cpcr.php

Size: 191.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_cpcr.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/cpcr/cities.php

Size: 187.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/cpcr/cities.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/cpcr/locations.php

Size: 193.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/cpcr/locations.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/delivery/delivery_rus_post_first.php

Size: 211.00 B Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/delivery/delivery_rus_post_first.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/include.php

Size: 21.05 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:48 Dangers: 1
DescriptionMatch

Exploit execution Line: 197 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/include.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/handlers/paysystem/yandex/lang/en/.description.php

Size: 2.62 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:49 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system (scid)"; $MESS["SALE_HPS_YANDEX_SCID_DESC"] = "Showcase identifier in payment collector system (scid)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/handlers/paysystem/yandexinvoice/lang/en/.description.php

Size: 952.00 B Created: 2020-09-26 01:20:37 Modified: 2024-04-22 10:34:49 Warns: 1
DescriptionMatch

Function system Line: 3 Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system (ShopID)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/delivery/extra_services/manager.php

Size: 17.44 kB Created: 2021-11-19 17:07:44 Modified: 2024-04-22 10:34:49 Dangers: 1
DescriptionMatch

Exploit nano Line: 254 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$params["CLASS_NAME"]($params["ID"], $params, $currency, $value, $additionalParams)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/location/migration/migrate.php

Size: 54.00 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:49 Dangers: 1
DescriptionMatch

Exploit execution Line: 1090 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/sale/lang/'.$item['LID'].'/lib/location/migration/migrate.php')

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/location/import/compiler/compiler.php

Size: 75.72 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:49 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system('cp '.$workDir.self::STATIC_CSV_DIR.'externalservice.csv '.$workDir.'/'.self::OUTPUT_DIR); system('cp '.$workDir.self::STATIC_CSV_DIR.'type.csv '.$workDir.'/'.self::OUTPUT_DIR); } private $currentParentGroup = ''; private function addItemToCSV($fName, $group, $item) { $data = array( 'CODE' => $item['CODE'], 'PARENT_CODE' => $item['PARENT_CODE'], 'TYPE_CODE' => $item['TYPE_CODE'] ); $data['NAME.RU.NAME'] = ''; $data['NAME.EN.NAME'] = ''; $data['NAME.UA.NAME'] = ''; $name = unserialize($ite...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/internals/conversionhandlers.php

Size: 13.14 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Exploit infected_comment Line: 282 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

/*array*/

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/internals/product.php

Size: 12.27 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( 'function ___dbCastIntToChar($dbtype, $param)'.'{'.'   $result = $param;'.'   if (ToLower($dbtype) === "mssql")'.'   {'.'       $result = "CAST(".$param." AS VARCHAR)";'.'   }'.'   return $result;'.'}' ); } $fieldsMap = array( 'ID' => array( 'data_type' => 'integer', 'primary' => true ), 'TIMESTAMP_X' => array( 'data_type' => 'integer' ), 'DATE_UPDATED' => array( 'data_type' => 'datetime', 'expression' => array( $DB->datetimeToDateFunction('%s'), 'TIMESTAMP_X', ) ), 'QUANTITY' => a...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/discount/preset/basepreset.php

Size: 23.97 kB Created: 2021-11-19 17:07:47 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { $isPost = $this->request->isPost(); $stepName = $this->getStepName(); $state = $this->getState(); if($stepName === $this->getFirstStepName() && !$isPost && $this->isDiscountEditing()) { $state = $this->generateState($this->discount); } if($this->isRunningPrevStep()) { $stepName = $state->getPrevStep(); } if($isPost && !$this->isRunningPrevStep()) { list($state, $nextStep) = $this->runStep($stepName, $state, self::MODE_SAVE); if($stepName != $nextStep) { $state->addStepChain($stepName); ...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/discountbase.php

Size: 155.68 kB Created: 2021-09-03 11:54:11 Modified: 2024-04-22 10:34:50 Warns: 1 Dangers: 1
DescriptionMatch

Exploit nano Line: 2282 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$discount[$executeKey]($this->orderData)

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($evalCode); } catch (\ParseError $e) { $this->showAdminError(); } } else { eval($evalCode); } unset($evalCode); if (!is_callable($checkOrder)) return false; $result = $checkOrder($this->orderData); unset($checkOrder); } else { if (!is_callable($discountLink[$executeKey])) return false; $result = $discountLink[$executeKey]($this->orderData); } unset($discountLink); return $result; } protected function applySaleDiscount() { $result = new Result; Discount\Actions::clearApplyCounter(); $discoun...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/lib/compatible/discountcompatibility.php

Size: 44.44 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('$applyProduct='.$orderApplication.';'); if (is_callable($applyProduct)) $applyProduct($fields); unset($applyProduct); if (!empty($fields['DISCOUNT_RESULT'])) { self::$discountResult['BASKET'][$code][$index]['RESULT']['DESCR_DATA'] = $fields['DISCOUNT_RESULT']['BASKET']; self::$discountResult['BASKET'][$code][$index]['RESULT']['DESCR'] = self::formatDescription($fields['DISCOUNT_RESULT']); } unset($fields['DISCOUNT_RESULT']); } unset($orderApplication); } unset($discount, $index); return tr...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/z_payment_result.php

Size: 290.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/z_payment_result.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/ru/z_payment.php

Size: 207.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/ru/z_payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/z_payment/en/z_payment.php

Size: 207.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/z_payment/en/z_payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank_new/payment.php

Size: 278.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank_new/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank_new/.description.php

Size: 288.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank_new/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paycash/payment.php

Size: 268.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paycash/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paycash/.description.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paycash/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paycash/ru/paycash.php

Size: 199.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paycash/ru/paycash.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paycash/en/paycash.php

Size: 199.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paycash/en/paycash.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_de/payment.php

Size: 275.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/de/payment/bill_de/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_de/.description.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/de/payment/bill_de/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_de/ru/bill.php

Size: 194.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/de/payment/bill_de/ru/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_de/en/bill.php

Size: 193.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/de/payment/bill_de/en/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/payflow_pro/payment.php

Size: 9.77 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($ret_com, $arOutput, $ret_var); $strOutput = $arOutput[0]; parse_str($strOutput, $arResult); if (is_array($arResult) && strlen($arResult["RESULT"])>0) { $arFields = array( "PS_STATUS" => (($arResult["RESULT"]==0) ? "Y" : "N"), "PS_STATUS_CODE" => $arResult["RESULT"], "PS_STATUS_DESCRIPTION" => $arResult["RESPMSG"]." - ".$arResult["PREFPSMSG"], "PS_STATUS_MESSAGE" => $arResult["PNREF"], "PS_RESPONSE_DATE" => Date(CDatabase::DateFormatToPHP(CLang::GetDateFormat("FULL", LANG))) ); $arResult["R...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/payflow_pro/action.php

Size: 5.77 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($ret_com, $arOutput, $ret_var); $strOutput = $arOutput[0]; parse_str($strOutput, $arResult); if (is_array($arResult) && strlen($arResult["RESULT"])>0) { $OUTPUT_STATUS = (($arResult["RESULT"] == 0) ? "Y" : "N"); $OUTPUT_STATUS_CODE = $arResult["RESULT"]; $OUTPUT_STATUS_DESCRIPTION = $arResult["RESPMSG"]." - ".$arResult["PREFPSMSG"]; $OUTPUT_STATUS_MESSAGE = $arResult["PNREF"]; $OUTPUT_SUM = $INPUT_SUM; $OUTPUT_CURRENCY = "USD"; $OUTPUT_RESPONSE_DATE = Date(CDatabase::DateFormatToPHP(CLang::...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/payflow_pro/pre_payment.php

Size: 8.22 kB Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($ret_com, $arOutput, $ret_var); $strOutput = $arOutput[0]; parse_str($strOutput, $arResult); if (is_array($arResult) && strlen($arResult["RESULT"])>0) { $arPaySysResult = array( "PS_STATUS" => (($arResult["RESULT"] == 0) ? "Y" : "N"), "PS_STATUS_CODE" => $arResult["RESULT"], "PS_STATUS_DESCRIPTION" => $arResult["RESPMSG"]." - ".$arResult["PREFPSMSG"], "PS_STATUS_MESSAGE" => $arResult["PNREF"], "PS_SUM" => $AMT, "PS_CURRENCY" => "USD", "PS_RESPONSE_DATE" => Date(CDatabase::DateFormatToPHP(CL...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/kreditpilot/payment.php

Size: 276.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/kreditpilot/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/kreditpilot/.description.php

Size: 286.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/kreditpilot/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/kreditpilot/ru/payment.php

Size: 207.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/kreditpilot/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/kreditpilot/en/payment.php

Size: 207.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/kreditpilot/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/oshadbank/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/oshadbank/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/oshadbank/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/oshadbank/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/mcsecure/payment.php

Size: 270.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/mcsecure/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/mcsecure/.description.php

Size: 280.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/mcsecure/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/mcsecure/ru/payment.php

Size: 201.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/mcsecure/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/mcsecure/en/payment.php

Size: 201.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/mcsecure/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/liqpay/result_rec.php

Size: 1.32 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 20 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['operation_xml'])

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney/payment.php

Size: 270.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney/.description.php

Size: 280.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney/ru/webmoney.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney/ru/webmoney.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney/en/webmoney.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney/en/webmoney.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/worldpay/.description.php

Size: 3.63 kB Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

System (via http://www.worldpay.com/admin). In the new window that "; $psDescription .= "opens you will need to scroll down to the section headed Installations and select the Configuration options button corresponding to the instId you are using.<br>"; $psDescription .= "You need to complete the following settings:<br>"; $psDescription .= "- <b>Callback URL</b><br>This should be set to the complete address to your callback URL (this file), hosted on your server.<br>"; $psDescription .= "You shou...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank/payment.php

Size: 270.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank/.description.php

Size: 280.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank/ru/sberbank.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank/ru/sberbank.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/sberbank/en/sberbank.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/sberbank/en/sberbank.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/post/payment.php

Size: 262.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/post/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/post/.description.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/post/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/post/ru/post.php

Size: 187.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/post/ru/post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/post/en/post.php

Size: 187.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/post/en/post.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/binom/payment.php

Size: 264.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/binom/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/binom/.description.php

Size: 274.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/binom/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/binom/ru/payment.php

Size: 195.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/binom/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/binom/en/payment.php

Size: 195.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/binom/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill/payment.php

Size: 269.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill/.description.php

Size: 272.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill/ru/bill.php

Size: 188.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill/ru/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill/en/bill.php

Size: 187.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill/en/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/payment.php

Size: 273.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/result_rec.php

Size: 279.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/ru/payment.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/en/payment.php

Size: 203.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/moneymail/result.php

Size: 270.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/moneymail/result.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_la/payment.php

Size: 275.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/la/payment/bill_la/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_la/.description.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/la/payment/bill_la/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_la/en/bill.php

Size: 193.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/la/payment/bill_la/en/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_la/la/bill.php

Size: 194.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/la/payment/bill_la/la/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/payment.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/result_rec.php

Size: 284.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/.description.php

Size: 288.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/ru/webmoney_web.php

Size: 219.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/ru/webmoney_web.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_web/en/webmoney_web.php

Size: 219.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_web/en/webmoney_web.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/payment.php

Size: 278.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/result_rec.php

Size: 284.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/.description.php

Size: 288.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/ru/webmoney_pci.php

Size: 219.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/ru/webmoney_pci.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/en/webmoney_pci.php

Size: 219.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/en/webmoney_pci.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/webmoney_pci/result.php

Size: 276.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/webmoney_pci/result.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/payment.php

Size: 266.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/result_rec.php

Size: 272.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/.description.php

Size: 276.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/ru/payment.php

Size: 197.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex/en/payment.php

Size: 197.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:50 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/result_rec.php

Size: 278.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/ru/webmoney_web.php

Size: 207.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/ru/paymaster.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/paymaster/en/paymaster.php

Size: 207.00 B Created: 2020-09-26 01:20:28 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/paymaster/en/paymaster.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_ua/payment.php

Size: 275.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill_ua/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_ua/.description.php

Size: 278.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill_ua/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_ua/ru/bill.php

Size: 194.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill_ua/ru/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/bill_ua/en/bill.php

Size: 193.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/bill_ua/en/bill.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/result_rec.php

Size: 278.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/result_rec.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/ru/payment.php

Size: 203.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/ru/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/yandex_3x/en/payment.php

Size: 203.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/yandex_3x/en/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/impexbank/payment.php

Size: 272.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/impexbank/payment.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/impexbank/.description.php

Size: 282.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/impexbank/.description.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/impexbank/ru/impexbank.php

Size: 207.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/impexbank/ru/impexbank.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/payment/impexbank/en/impexbank.php

Size: 207.00 B Created: 2020-09-26 01:20:27 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 3 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/sale/ru/payment/impexbank/en/impexbank.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/crm.php

Size: 22.35 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 426 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/.access.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/yandexinvoice_settings.php

Size: 9.31 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:51 Warns: 2
DescriptionMatch

Function proc_close Warning

Potentially dangerous function `proc_close`

[https://www.php.net/proc_close]

proc_close($process); $dbRes = \Bitrix\Sale\Internals\YandexSettingsTable::getById($shopId); if ($dbRes->fetch()) \Bitrix\Sale\Internals\YandexSettingsTable::update($shopId, array('PKEY' => $privateKey)); else \Bitrix\Sale\Internals\YandexSettingsTable::add(array('SHOP_ID' => $shopId'PKEY' => $privateKey)); } else { $errorMsg Loc::getMessage('SALE_YANDEX_INVOICE_SETTINGS_ALREADY_CONFIGURED'); } if ($errorMsg === '') { $redirectUrl $APPLICATION->GetCurPage()."?pay_system_id=".$id."&lang=".L...

Function proc_open Warning

Potentially dangerous function `proc_open`

[https://www.php.net/proc_open]

proc_open($command$descriptorSpec$pipes); $privateKey stream_get_contents($pipes[1]); $return_value proc_close($process); $dbRes = \Bitrix\Sale\Internals\YandexSettingsTable::getById($shopId); if ($dbRes->fetch()) \Bitrix\Sale\Internals\YandexSettingsTable::update($shopId, array('PKEY' => $privateKey)); else \Bitrix\Sale\Internals\YandexSettingsTable::add(array('SHOP_ID' => $shopId'PKEY' => $privateKey)); } else { $errorMsg Loc::getMessage('SALE_YANDEX_INVOICE_SETTINGS_ALREADY_CONFIG...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/order_new.php

Size: 274.77 kB Created: 2021-09-03 11:54:47 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+res+')' );

            if (rss["status"] == "ok")
            {
                BX('CART_FIX').value'N';

                var userEl BX("user_id");
                var orderID '<?=$ID?>';

                locationID rss["location_id"];
                locationZipID rss["location_zip_id"];

                insertHtmlResult(document.getElementById("buyer_type_change"), rss['buyertype']);
                insertHtmlResult(document.getElementById("buyer_type_delivery"), rss['buyerdelivery']);

                <?if(CSaleLocation::isLocationProEnabled()):?>
                    initZipHandling();
                <?endif?...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/location_edit.php

Size: 21.05 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("document.fform.COUNTRY_ID");
                CHANGE_COUNTRY = eval("document.fform.CHANGE_COUNTRY");

                <?if ($ID>0):?>
                if (parseInt(COUNTRY_LIST.selectedIndex)==0)
                {
                    CHANGE_COUNTRY.checked = false;
                }
                <?endif;?>

                if (parseInt(COUNTRY_LIST.selectedIndex)==0 <?if ($ID>0) echo "|| CHANGE_COUNTRY.checked";?>)
                {
                    SetEnabled(true);
                }
                else
                {
                    SetEnabled(false);
                }
            }
            </script>

            <select name="COUNTRY_ID" OnChange="SetContact()">
                <option value="...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/1c_admin_profile.php

Size: 16.48 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("var cur_type = ''; if (typeof(param_" pkey "_type_" ind ") == 'string') cur_type = param_" pkey "_type_" ind ";");
    eval("var cur_val = ''; if (typeof(param_" pkey "_value_" ind ") == 'string') cur_val = param_" pkey "_value_" ind ";");
    eval("var cur_name = ''; if (typeof(param_" pkey "_name_" ind ") == 'string') cur_name = param_" pkey "_name_" ind ";");

    if(cur_name.length 0)
    {
        num pkey.substr(pkey.lastIndexOf('_')+1);
        src BX("...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/buyers.php

Size: 16.08 kB Created: 2021-09-03 11:54:47 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Exploit infected_comment Line: 518 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

/*BUYER*/

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/discount_preset_list.php

Size: 13.95 kB Created: 2021-11-19 17:07:47 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Exploit infected_comment Line: 50 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

/*close*/

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/report_construct.php

Size: 22.89 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('('+res+')');
                                        filters BX.findChildren(filterContainer, {class: 'sale-report-site-dependent'}, true);
                                        for(i in filters)
                                        {
                                            if (filters[i].tagName == 'SELECT')
                                            {
                                                filterType filters[i].getAttribute('tid');
                                                if (filterType)
                                                {
                                                    fRewriteSelectFromArray(filters[i], res[filterType], '');
                                                }
                                                filters[i].value '';
                                            }
                                        }
                                    }
                                }
                                function ...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/ymarket.php

Size: 21.94 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+result+')' );
                                BX('https_check_result_<?=CUtil::JSEscape($SITE_ID)?>').innerHTML '&nbsp;' res['text'];

                                BX.removeClass(BX('https_check_result_<?=CUtil::JSEscape($SITE_ID)?>'), 'https_check_success');
                                BX.removeClass(BX('https_check_result_<?=CUtil::JSEscape($SITE_ID)?>'), 'https_check_fail');

                                if (res['status'] == 'ok')
                                    BX.addClass(BX('https_check_result_<?=CUtil::JSEscape($SITE_ID)?>'), 'https_check_success');
                                else
                                    BX.addClas...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/discount_edit.php

Size: 30.96 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:51 Dangers: 2
DescriptionMatch

Exploit execution Line: 143 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['CONDITIONS'])

Exploit execution Line: 188 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['ACTIONS'])

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/delivery.php

Size: 11.61 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("document.find_form.filter_lang");
                filter_order_price_from = eval("document.find_form.filter_order_price_from");
                filter_order_price_to = eval("document.find_form.filter_order_price_to");
                f_currency = eval("document.find_form.f_currency");

                var iesum;
                if (parseInt(filter_lang.selectedIndex)==0)
                {
                    filter_order_price_from.disabled true;
                    filter_order_price_to.disabled true;
                    f_currency.value "";
                }
                else
                {
                    filter_order_price_from.disa...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/affiliate_calc.php

Size: 13.27 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:51 Dangers: 1
DescriptionMatch

Exploit execution Line: 235 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_admin_after.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/affiliate_plan_edit.php

Size: 23.84 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("document.form1.MODULE_ID_" cnt);
                if (!m)
                    return;

                if (m[m.selectedIndex].value == "catalog")
                    ShowHideSectionBox(cnttrue);
                else
                    ShowHideSectionBox(cntfalse);
            }


            var itm_id = new Object();
            var itm_name = new Object();

            function ChlistIBlock(cntn_id)
            {
                var max_lev itm_lev;
                var nex document.form1["SECTION_SELECTOR_LEVEL_" cnt "[0]"];
                var iBlock = eval("document.form1.SECTION_IBLOCK_ID_" cnt);
                var iBlockID iBlock[iBl...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/stat_graph_money.php

Size: 9.79 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 115 Warning

Double var technique is usually used for the obfuscation of malicious code

${$filterLine}

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/report_view.php

Size: 23.12 kB Created: 2020-09-26 01:20:35 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('('+res+')');
                                        filters BX.findChildren(filterContainer, {class: 'sale-report-site-dependent'}, true);
                                        for(i in filters)
                                        {
                                            if (filters[i].tagName == 'SELECT')
                                            {
                                                filterType filters[i].getAttribute('tid');
                                                if (filterType)
                                                {
                                                    fRewriteSelectFromArray(filters[i], res[filterType], '');
                                                }
                                            }
                                        }
                                    }
                                }
                                function fRewriteSelectFromArray(selectdat...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/admin/order_detail.php

Size: 152.97 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 1366 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$customOrderView)

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+res+')' );
                                                BX.closeWait();

                                                if (!!rs.STATUS_ERR && true == rs.STATUS_ERR)
                                                {
                                                    var obStatusErr BX('change_status_err');
                                                    if (!!obStatusErr)
                                                    {
                                                        obStatusErr.innerHTML rs.STATUS_ERR_MESS;
                                                        obStatusErr.style.display 'inline-block';
                                                    }
                                                }
                                                else
                                                {
                                                    if (BX('date_status_change') && rs['DATE_STATUS'] && rs['DATE_STATUS'].length 0)
            ...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/options.php

Size: 94.04 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:51 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 248 Warning

Double var technique is usually used for the obfuscation of malicious code

${$name}

/var/www/lesiak/lesia.ua/bitrix/modules/sale/ru/payment/yandex_3x/ru/payment.php

Size: 3.10 kB Created: 2021-09-03 11:53:08 Modified: 2024-04-22 10:34:53 Warns: 1
DescriptionMatch

Function eval Line: 66 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+result+')' );
                BX('https_check_result').innerHTML '&nbsp;' res['text'];

                BX.removeClass(BX('https_check_result'), 'https_check_success');
                BX.removeClass(BX('https_check_result'), 'https_check_fail');

                if (res['status'] == 'ok')
                    BX.addClass(BX('https_check_result'), 'https_check_success');
                else
                    BX.addClass(BX('https_check_result'), 'https_check_fail');
            });
        };
        checkHTTPS()

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.order.full/templates/.default/template.php

Size: 5.19 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:53 Dangers: 7
DescriptionMatch

Exploit execution Line: 69 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step1.php")

Exploit execution Line: 6 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/auth.php")

Exploit execution Line: 71 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step2.php")

Exploit execution Line: 73 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step3.php")

Exploit execution Line: 75 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step4.php")

Exploit execution Line: 77 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step5.php")

Exploit execution Line: 79 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/step6.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.bsm.site.master/tools/pushchecker.php

Size: 2.20 kB Created: 2020-09-26 01:20:34 Modified: 2024-04-22 10:34:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 114 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.bsm.site.master/tools/modulechecker.php

Size: 3.04 kB Created: 2020-09-26 01:20:34 Modified: 2024-04-22 10:34:54 Dangers: 1
DescriptionMatch

Exploit execution Line: 119 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.basket.order.ajax/component.php

Size: 38.65 kB Created: 2021-09-03 11:54:12 Modified: 2024-04-22 10:34:54 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 556 Dangerous

Malware Signature (hash: 11413268)

eVal($_POST

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.basket.order.ajax/templates/.default/template.php

Size: 5.77 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:54 Dangers: 7
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_confirm.php")

Exploit execution Line: 27 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items.php")

Exploit execution Line: 28 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items_delay.php")

Exploit execution Line: 29 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items_notavail.php")

Exploit execution Line: 30 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_items_subscribe.php")

Exploit execution Line: 44 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_person_type.php")

Exploit execution Line: 45 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/basket_props.php")

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.location.selector.system/templates/.default/template.php

Size: 17.99 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:55 Warns: 1
DescriptionMatch

Function system Warning

Potentially dangerous function `system`

[https://www.php.net/system]

system(<?=CUtil::PhpToJSObject(array( 'scope' => 'slss-'.intval($arResult['RANDOM_TAG']), 'source' => $component->getPath().'/get.php''query' => array( 'BEHAVIOUR' => array( 'LANGUAGE_ID' => LANGUAGE_ID ), ), 'editUrl' => '?'.implode('&'$urlComponents), 'parentTagId' => intval($arResult['RANDOM_TAG']), 'useCodes' => $arResult['USE_CODES'], 'types' => $arResult['TYPES'], 'startSearchLen' => $component::START_SEARCH_LEN'pageSize' => $component::PAGE_SIZE'hugeTailLen' => $component::HUGE_TA...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.ajax.delivery.calculator/templates/input/ajax.php

Size: 864.00 B Created: 2020-09-26 01:20:31 Modified: 2024-04-22 10:34:55 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 15 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.ajax.delivery.calculator/templates/.default/ajax.php

Size: 0.99 kB Created: 2020-09-26 01:20:31 Modified: 2024-04-22 10:34:55 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 15 Dangerous

Malware Signature (hash: 11413268)

eval($_REQUEST

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.crm.site.master/tools/pushchecker.php

Size: 2.27 kB Created: 2021-03-31 19:52:33 Modified: 2024-04-22 10:34:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 119 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.crm.site.master/tools/modulechecker.php

Size: 5.15 kB Created: 2021-03-31 19:52:33 Modified: 2024-04-22 10:34:55 Dangers: 1
DescriptionMatch

Exploit execution Line: 141 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$modulePath)

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.notice.product/templates/.default/template.php

Size: 7.43 kB Created: 2020-09-26 01:20:30 Modified: 2024-04-22 10:34:56 Warns: 1
DescriptionMatch

Function eval Line: 130 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval( '('+res+')' );

if (rs['ERRORS'].length 0)
{
    if (rs['ERRORS'] == 'NOTIFY_ERR_NULL')
        BX('popup_n_error').innerHTML '<?=GetMessageJS('NOTIFY_ERR_NULL')?>';
    else if (rs['ERRORS'] == 'NOTIFY_ERR_CAPTHA')
        BX('popup_n_error').innerHTML '<?=GetMessageJS('NOTIFY_ERR_CAPTHA')?>';
    else if (rs['ERRORS'] == 'NOTIFY_ERR_MAIL_EXIST')
    {
        BX('popup_n_error').innerHTML '<?=GetMessageJS('NOTIFY_ERR_MAIL_BUYERS_EXIST')?>';
        ...

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.location.import/templates/admin/template.php

Size: 13.06 kB Created: 2021-09-03 11:54:47 Modified: 2024-04-22 10:34:56 Dangers: 1
DescriptionMatch

Sign 7830f7a6 Line: 11 Dangerous

Malware Signature (hash: 7830f7a6)

nc-l

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/components/bitrix/sale.location.import/templates/.default/template.php

Size: 15.64 kB Created: 2020-09-26 01:20:29 Modified: 2024-04-22 10:34:56 Dangers: 1
DescriptionMatch

Sign 7830f7a6 Line: 11 Dangerous

Malware Signature (hash: 7830f7a6)

nc-l

/var/www/lesiak/lesia.ua/bitrix/modules/sale/install/sample/mp3/download_private.php

Size: 4.97 kB Created: 2020-12-18 00:01:17 Modified: 2024-04-22 10:34:57 Warns: 1 Dangers: 1
DescriptionMatch

Exploit double_var2 Line: 13 Warning

Double var technique is usually used for the obfuscation of malicious code

${$arr2[0]}

Exploit execution Line: 177 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/404.php")

/var/www/lesiak/lesia.ua/bitrix/modules/pull/ajax_hit.php

Size: 289.00 B Created: 2020-09-26 01:18:59 Modified: 2024-04-22 10:34:57 Dangers: 1
DescriptionMatch

Exploit execution Line: 6 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/components/bitrix/pull.request/ajax.php")

/var/www/lesiak/lesia.ua/bitrix/modules/pull/default_option.php

Size: 1.50 kB Created: 2021-03-31 19:52:41 Modified: 2024-04-22 10:34:57 Dangers: 1
DescriptionMatch

Exploit execution Line: 35 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/php_interface/pull.php")

/var/www/lesiak/lesia.ua/bitrix/modules/pull/options.php

Size: 24.13 kB Created: 2021-09-03 11:54:43 Modified: 2024-04-22 10:34:57 Dangers: 1
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].BX_ROOT.'/modules/pull/default_option.php')

/var/www/lesiak/lesia.ua/bitrix/modules/pull/classes/general/pull_options.php

Size: 16.59 kB Created: 2021-09-03 11:53:19 Modified: 2024-04-22 10:34:57 Dangers: 1
DescriptionMatch

Exploit execution Line: 533 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].BX_ROOT.'/modules/pull/default_option.php')

/var/www/lesiak/lesia.ua/bitrix/modules/yandex.market/lib/trading/service/reference/printer.php

Size: 2.24 kB Created: 2020-09-26 01:19:59 Modified: 2024-04-22 10:34:58 Dangers: 1
DescriptionMatch

Exploit nano Line: 35 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$map[$type]($this->provider)

/var/www/lesiak/lesia.ua/bitrix/modules/mobileapp/install/components/bitrix/mobileapp.menu/templates/.default/template.php

Size: 12.57 kB Created: 2020-09-26 01:20:24 Modified: 2024-04-22 10:35:00 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec("showAuthForm");
                }
            }
    <?endif;
?>

    if(BX.PULL)
    {
        BX.addCustomEvent("onPullExtendWatch", function(data) {
            BX.PULL.extendWatch(data.id);
        });

        BX.addCustomEvent("thisPageWillDie", function(data) {
            BX.PULL.clearWatch(data.page_id);
        });

        BX.addCustomEvent("onPullEvent", function (module_id, command, params)
        {
            if (module_id == 'main' && (command == 'user_authorize' || command == 'user_logout' || command == 'online_list'))
            {
                //app.onCustomEvent('onPullOnline', {...

/var/www/lesiak/lesia.ua/bitrix/modules/webprostor.core/classes/general/functions.php

Size: 22.98 kB Created: 2021-11-19 17:17:36 Modified: 2024-04-22 10:35:00 Warns: 1
DescriptionMatch

Exploit concat_vars_with_spaces Line: 32 Warning

Concatenation of vars technique is usually used for the obfuscation of malicious code

$subA.$subG.$subD.$subB.$subH.$subF.

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/shelladapter.php

Size: 1.88 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Warns: 3 Dangers: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($command" > ".$outputPath." 2>&1 &"); return true; } public function getLastOutput() { return $this->resOutput; } public function getLastError() { return $this->resError; } public function syncExec($command) { $command $this->prepareExecution($command); $retVal 1$descriptorspec = array( => array("pipe""r"), => array("pipe""w"), => array("pipe""w") ); $pipes = array(); $process proc_open('/bin/bash'$descriptorspec$pipes); if (is_resource($process)) { fwrite($pipes[0...

Function proc_close Line: 93 Warning

Potentially dangerous function `proc_close`

[https://www.php.net/proc_close]

proc_close($process)

Function proc_open Warning

Potentially dangerous function `proc_open`

[https://www.php.net/proc_open]

proc_open('/bin/bash'$descriptorspec$pipes); if (is_resource($process)) { fwrite($pipes[0], $command); fclose($pipes[0]); $this->resOutput stream_get_contents($pipes[1]); fclose($pipes[1]); $this->resError stream_get_contents($pipes[2]); fclose($pipes[2]); $retVal proc_close($process)

Function strrev exec_strrev Line: 39 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/sitesdata.php

Size: 3.12 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Function strrev exec_strrev Line: 80 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/action.php

Size: 7.27 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Warns: 1 Dangers: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($paramCode); $retStr str_replace('##CODE_PARAMS:'.$paramId.'##'$res$retStr); } } foreach ($this->freeParams as $key => $paramValue$retStr str_replace('##'.$key.'##'$paramValue$retStr); return $retStr; } public function start(array $inputParams = array()) { if(!is_array($inputParams)) throw new \Bitrix\Main\ArgumentTypeException("inputParams""array"); if(isset($this->actionParams["MODIFYERS"]) && is_array($this->actionParams["MODIFYERS"])) { $needMoreUserInfo false; foreach...

Function strrev exec_strrev Line: 179 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/helper.php

Size: 5.30 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Exploit php_uname Line: 211 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine

php_uname('s')

Function strrev exec_strrev Line: 186 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/actionsdata.php

Size: 8.27 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Warns: 1 Dangers: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("return ('{$operand1}{$operator} '{$operand2}');"); } public static function setLogLevel($logLevel) { self::$logLevel $logLevel; } public static function checkRunningAction() { $result = []; $shellAdapter = new ShellAdapter(); $execRes $shellAdapter->syncExec("sudo -u root /opt/webdir/bin/bx-process -a list -o json"); $data $shellAdapter->getLastOutput(); if($execRes) { $arData json_decode($datatrue); $result = []; if(isset($arData["params"]) && is_array($arData["params"])) { fo...

Function strrev exec_strrev Line: 93 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/serversdata.php

Size: 5.19 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Function strrev exec_strrev Line: 39 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/provider.php

Size: 6.34 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Function strrev exec_strrev Line: 24 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/monitoring.php

Size: 14.80 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Exploit nano Line: 300 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$item["DATA_FUNC"]($data)

Function strrev exec_strrev Line: 335 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cExe

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lib/actionmodifyer.php

Size: 4.10 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 14 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

Function strrev eval_strrev Line: 22 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/scale/admin/menu.php

Size: 1.16 kB Created: 2020-12-18 00:01:28 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Exploit php_uname Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine

php_uname('s')

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lang/ua/include/actionsdefinitions.php

Size: 5.84 kB Created: 2022-09-23 14:51:56 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 21 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

Function strrev eval_strrev Line: 22 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lang/ru/include/actionsdefinitions.php

Size: 5.86 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 21 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

Function strrev eval_strrev Line: 22 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/scale/lang/en/include/actionsdefinitions.php

Size: 4.46 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 17 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

/var/www/lesiak/lesia.ua/bitrix/modules/scale/include/rolesdefinitions.php

Size: 2.59 kB Created: 2020-09-26 01:19:57 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 64 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

Function strrev eval_strrev Line: 68 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

/var/www/lesiak/lesia.ua/bitrix/modules/scale/include/actionsdefinitions.php

Size: 20.57 kB Created: 2021-09-03 11:54:29 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 181 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

LAVE

Function strrev eval_strrev Line: 182 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/socialservices/classes/general/authmanager.php

Size: 47.12 kB Created: 2021-09-03 11:54:22 Modified: 2024-04-22 10:35:04 Dangers: 2
DescriptionMatch

Exploit execution Line: 1675 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST[self::OAUTH_PACK_PARAM])

Exploit nano Line: 190 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$service["CLASS"]()

/var/www/lesiak/lesia.ua/bitrix/modules/forum/include.php

Size: 53.67 kB Created: 2021-11-19 17:07:34 Modified: 2024-04-22 10:35:04 Warns: 2
DescriptionMatch

Exploit double_var2 Line: 1770 Warning

Double var technique is usually used for the obfuscation of malicious code

${$sOrderVar}

Exploit double_var2 Line: 1773 Warning

Double var technique is usually used for the obfuscation of malicious code

${$sOrderVarE}

/var/www/lesiak/lesia.ua/bitrix/modules/forum/mail/mail.php

Size: 20.43 kB Created: 2021-09-03 11:53:39 Modified: 2024-04-22 10:35:04 Dangers: 1
DescriptionMatch

Exploit execution Line: 658 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/forum/lang/en/mail/mail.php')

/var/www/lesiak/lesia.ua/bitrix/modules/forum/install/components/bitrix/forum.topic.active/component.php

Size: 18.34 kB Created: 2021-09-03 11:53:50 Modified: 2024-04-22 10:35:05 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 11 Warning

Double var technique is usually used for the obfuscation of malicious code

${$s}

/var/www/lesiak/lesia.ua/bitrix/modules/forum/install/components/bitrix/forum.index/class.php

Size: 16.87 kB Created: 2021-11-19 17:07:34 Modified: 2024-04-22 10:35:06 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 236 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PAGEN_NAME}

/var/www/lesiak/lesia.ua/bitrix/modules/forum/install/components/bitrix/forum.rules/lang/en/component.php

Size: 4.71 kB Created: 2020-09-26 01:20:12 Modified: 2024-04-22 10:35:06 Dangers: 1
DescriptionMatch

Sign 407651f7 Line: 27 Dangerous

Malware Signature (hash: 407651f7)

warez

/var/www/lesiak/lesia.ua/bitrix/modules/forum/install/components/bitrix/forum.topic.list/component.php

Size: 23.88 kB Created: 2020-12-18 00:01:03 Modified: 2024-04-22 10:35:06 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 244 Warning

Double var technique is usually used for the obfuscation of malicious code

${$PAGEN_NAME}

/var/www/lesiak/lesia.ua/bitrix/modules/platon.paysystem/install/index.php

Size: 6.50 kB Created: 2021-04-09 15:36:48 Modified: 2024-04-22 10:35:06 Dangers: 2
DescriptionMatch

Exploit execution Line: 158 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/main/include/prolog_admin_after.php')

Exploit execution Line: 168 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/main/include/epilog_admin.php')

/var/www/lesiak/lesia.ua/bitrix/modules/subscribe/install/index.php

Size: 9.91 kB Created: 2021-09-03 11:53:56 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 125 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/subscribe/install/events.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/admin/body/form_result_list_handler.php

Size: 5.99 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 178 Warning

Double var technique is usually used for the obfuscation of malicious code

${$var_STATUS}

/var/www/lesiak/lesia.ua/bitrix/modules/form/admin/form_field_edit.php

Size: 29.21 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('function() {FIELD_TYPE_CHANGE(\'' + (rows_count+1) + '\'); jsFormValidatorSettings.UpdateAll();}');
            arInputs[i].onchange = new Function('FIELD_TYPE_CHANGE(\'' + (rows_count+1) + '\'); jsFormValidatorSettings.UpdateAll();');
        }

        if (new_name == 'MESSAGE_' + (rows_count+1))
        {
            arInputs[i].onchange jsFormValidatorSettings.UpdateAll;
        }
    }

    var input1 BX.create('INPUT', {
        props: {
            type'hidden',
            name'ANSWER[]',
            valuerows_count 1
        }
    }),
        input2 BX.create('...

/var/www/lesiak/lesia.ua/bitrix/modules/form/options.php

Size: 17.64 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 2
DescriptionMatch

Exploit double_var2 Line: 50 Warning

Double var technique is usually used for the obfuscation of malicious code

${$name}

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(data.URL);
        if (!res)
        {
            var proto data.URL.match(/\.bitrix24\./) ? 'https' 'http';

            data.URL proto '://' data.URL;
            res r.exec(data.URL);
        }

        if (res)
        {
            data.URL_SERVER res[1]+'://'+res[2];
            data.URL_PATH res[3];
        }
    }

    if (!data.AUTH_HASH)
    {
        var content '<div class="form-crm-settings"><form name="form_'+popup_id+'"><table cellpadding="0" cellspacing="2" border="0"><tr><td align="right"><?=CUtil::JSEscape(GetMessage('FORM_TAB_CRM_ROW_TITLE'))?>:</...

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_cform_old.php

Size: 9.22 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 66 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path.$template)

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformstatus.php

Size: 16.98 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformoutput.php

Size: 33.80 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 1 Dangers: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('?>'.$this->__cache_tpl.'<?'); $strReturn ob_get_contents(); ob_end_clean(); return $strReturn; } else { return false; } } function IncludeFormTemplate() { global $APPLICATION; if ($this->__check_form_cache()) { $APPLICATION->SetTemplateCSS("form/form.css"); $FORM =& $this; eval($this->__cache_tpl); return true; } else { return false; } } function isStatisticIncluded() { return CModule::IncludeModule("statistic"); } function __check_form_cache() { global $CACHE_MANAGER; if ($this->arForm[...

Sign 11413268 Line: 100 Dangerous

Malware Signature (hash: 11413268)

eval('?>

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformfield.php

Size: 20.82 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformanswer.php

Size: 7.65 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
DescriptionMatch

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callform.php

Size: 64.36 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Warns: 2 Dangers: 1
DescriptionMatch

Exploit double_var2 Line: 505 Warning

Double var technique is usually used for the obfuscation of malicious code

${$var}

Exploit double_var2 Line: 515 Warning

Double var technique is usually used for the obfuscation of malicious code

${$var2}

Exploit execution Line: 11 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformvalidator.php

Size: 7.66 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 12 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_callformresult.php

Size: 67.59 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 12 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/general/form_cformresult_old.php

Size: 6.38 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 71 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$path.$template)

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cform.php

Size: 5.69 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformoutput.php

Size: 421.00 B Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformanswer.php

Size: 433.00 B Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 12 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformfield.php

Size: 428.00 B Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 12 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformvalidator.php

Size: 385.00 B Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformstatus.php

Size: 5.42 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/form/classes/mysql/form_cformresult.php

Size: 14.89 kB Created: 2021-09-03 11:54:14 Modified: 2024-04-22 10:35:07 Dangers: 1
Description | Match

Exploit execution Line: 8 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/rest/lib/marketplace/transport.php

Size: 3.30 kB Created: 2021-09-03 11:54:37 Modified: 2024-04-22 10:35:08 Dangers: 1
Description | Match

Exploit execution Line: 118 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'] . '/bitrix/license_key.php')

/var/www/lesiak/lesia.ua/bitrix/modules/rest/options.php

Size: 9.51 kB Created: 2021-03-31 19:53:46 Modified: 2024-04-22 10:35:08 Warns: 1
Description | Match

Exploit double_var2 Line: 114 Warning

Double var technique is usually used for the obfuscation of malicious code

${$code}

/var/www/lesiak/lesia.ua/bitrix/modules/highloadblock/lib/highloadblocktable.php

Size: 18.87 kB Created: 2020-12-18 00:01:27 Modified: 2024-04-22 10:35:09 Warns: 1
Description | Match

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($eval); } $entity $entity_data_class::getEntity(); $uFields $USER_FIELD_MANAGER->getUserFields(static::compileEntityId($hlblock['ID'])); foreach ($uFields as $uField) { if ($uField['MULTIPLE'] == 'N') { $params = array( 'required' => $uField['MANDATORY'] == 'Y' ); $field $USER_FIELD_MANAGER->getEntityField($uField$uField['FIELD_NAME'], $params); $entity->addField($field); foreach ($USER_FIELD_MANAGER->getEntityReferences($uField$field) as $reference) { $entity->addField($reference...

/var/www/lesiak/lesia.ua/bitrix/modules/conversion/lib/ratemanager.php

Size: 697.00 B Created: 2020-09-26 01:18:51 Modified: 2024-04-22 10:35:09 Dangers: 1
Description | Match

Exploit nano Line: 31 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$type['CALCULATE']($counters)

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/datamanager/iblockelementid_table.php

Size: 2.51 kB Created: 2020-12-07 12:43:42 Modified: 2024-04-22 10:35:09 Warns: 1
Description | Match

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('namespace Bitrix\EsolImportxml\DataManager;'."\r\n"'class '.$className.' extends \Bitrix\Main\Entity\DataManager{'."\r\n"'public static function getTableName(){return "b_iblock_element_prop_s'.$IBLOCK_ID.'";}''public static function getMap(){return array(new \Bitrix\Main\Entity\IntegerField("IBLOCK_ELEMENT_ID", array("primary"=>true)));}''}'); static::$arIblockV2PropTable[$IBLOCK_ID] = '\Bitrix\EsolImportxml\DataManager\ElementPropertyV2STable'; } } $className = static::$arIblockV2...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/datamanager/iblockelement.php

Size: 5.61 kB Created: 2021-03-01 14:07:46 Modified: 2024-04-22 10:35:09 Warns: 1
Description | Match

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('namespace Bitrix\EsolImportxml\DataManager;'."\r\n"'class ElementProperty'.$arFilter['IBLOCK_ID'].'Table extends ElementPropertyTable{'."\r\n"'public static function getMap(){return parent::getMapForIblock('.$arFilter['IBLOCK_ID'].');}''}'); self::$arIblockClasses[$arFilter['IBLOCK_ID']] = $arFilter['IBLOCK_ID']; } if(count(array_diff($arNeedKeys$arFields))==0) { $mtype 'd7_props'; } else $mtype 'props'; } } } self::$elemListHash[$hash] = $mtype; } $mtype self::$elemListHash[...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/importer_base.php

Size: 78.35 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:09 Warns: 2
Description | Match

Exploit double_var2 Line: 561 Warning

Double var technique is usually used for the obfuscation of malicious code

${$k}

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($expression.';'); } elseif(preg_match('/\$val\s*=/'$expression)) { eval($expression.';'); return $val; } else { return eval('return '.$expression.';'); } }catch(\Exception $ex){ return $altReturn; } } public function ExecuteOnAfterSaveHandler($handler$ID) { try{ eval($handler.';'); }catch(\Exception $ex){} } public function GetPathAttr(&$arPath) { $attr false; if(mb_strpos($arPath[count($arPath)-1], '@')===0) { $attr mb_substr(array_pop($arPath), 1); $attr = \Bitrix\EsolImportxml\Ut...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/mail/mail_header.php

Size: 4.22 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:09 Warns: 1
Description | Match

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$m'"return \Bitrix\EsolImportxml\MailHeader::ConvertHeader(\$m[1], \$m[2], \$m[3], '".AddSlashes($charset_to)."');"), $str ); } return $str; } function Parse($message_header$charset) { if(preg_match("'content-type:.*?charset=([^\r\n;]+)'is"$message_header$res)) $this->charset strtolower(trim($res[1], ' "')); elseif($this->charset=='' && defined("BX_MAIL_DEFAULT_CHARSET")) $this->charset BX_MAIL_DEFAULT_CHARSET$ar_message_header_tmp explode("\r\n"$message_header...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/importer.php

Size: 265.34 kB Created: 2023-04-13 12:06:37 Modified: 2024-04-22 10:35:09 Warns: 1
Description | Match

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$k,$v''return array($k=>$v);'), array_keys($arProductFields), $arProductFields))); } $arProductFields['IBLOCK_ELEMENT.IBLOCK_ID'] = $IBLOCK_ID$arProductFields['!ID'] = $arUpdatedIds$lastElement end($arUpdatedIds); if($this->stepparams['deactivate_element_first'] > 0$arProductFields['>ID'] = $this->stepparams['deactivate_element_first']; if($lastElement $this->stepparams['deactivate_element_last']) $arProductFields['<=ID'] = $lastElement$dbRes = \Bitrix\Catalog\Prod...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Shared/OLERead.php

Size: 9.40 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
Description | Match

Exploit hacked_by Line: 306 Dangerous

Hacker credits

Hacked by

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Shared/File.php

Size: 5.19 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
Description | Match

Sign 471b95ee Line: 174 Dangerous

Malware Signature (hash: 471b95ee)

Suhosin

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Shared/PCLZip/pclzip.lib.php

Size: 198.09 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 5
Description | Match

Exploit nano Line: 2623 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD$v_local_header)

Exploit nano Line: 2777 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD$v_local_header)

Exploit nano Line: 3700 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT$v_local_header)

Exploit nano Line: 3947 Dangerous

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient

[https://github.com/s0md3v/nano]

$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT$v_local_header)

Sign 963e968a Line: 5679 Dangerous

Malware Signature (hash: 963e968a)

php_uname()

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Reader/CSV.php

Size: 17.73 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec('locale -a | grep ru'$arLocates); if(is_array($arLocates) && count($arLocates) > 0) { foreach($arLocates as $loc) { $arLocates[ToLower($loc)] = $loc; } $locateLower ToLower($locate); if(!isset($arLocates[$locateLower]) && isset($arLocates['russian'])) { $locate $arLocates['russian']; } } setLocale(LC_CTYPE$locate); } $correctSettings true$rowColumns 0$loop 0; while (($rowData $this->fgetcsv($fileHandle)) !== FALSE && $loop 50 && $correctSettings) { if($loop && coun...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/PHPExcel/PHPExcel/Reader/Excel5.php

Size: 227.06 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
Description | Match

Exploit hacked_by Line: 6591 Dangerous

Hacker credits

Hacked by

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/sftp.php

Size: 8.13 kB Created: 2021-09-03 11:52:11 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$a,$b''return $a["modify"]>$b["modify"] ? -1 : 1;')); $arFiles array_diff(array_map(create_function('$n''return $n["name"];'), $arFiles), array('.''..')); $dirpath '/'.trim($dirpath).'/'; foreach($arFiles as $k=>$v) { $arFiles[$k] = $dirpath.$v; } } } if(!is_array($arFiles)) { $arFiles ftp_nlist($this->curConnect$dirpath); } } } $this->currentDirPath $path$this->currentDirFiles $arFiles; } return $arFiles; } public function MakeFileArray($path$arParams=arra...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/xml_viewer.php

Size: 33.45 kB Created: 2021-09-03 11:52:12 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$a,$b''return ($a["NAME"] < $b["NAME"]) ? -1 : 1;')); return $arSections; } public function AddSubSectionStruct(&$arSections$parentRow$arXpaths$subsectionXpath$parentTmpId$level) { $rows $this->Xpath($parentRow$subsectionXpath); if(!is_array($rows)) return false; foreach($rows as $row) { $name trim($this->GetStringByXpath($row$arXpaths['NAME'])); $tmpId trim($this->GetStringByXpath($row$arXpaths['TMP_ID'])); $arSections[$tmpId] = array( 'NAME' => $name'...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/importer_hl.php

Size: 75.64 kB Created: 2021-09-03 11:52:12 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($expression.';'); } elseif(preg_match('/\$val\s*=/'$expression)) { eval($expression.';'); return $val; } else { return eval('return '.$expression.';'); } }catch(\Exception $ex){ return $altReturn; } } public function ExecuteOnAfterSaveHandler($handler$ID) { try{ eval($handler.';'); }catch(\Exception $ex){} } public function GetNextRecord($time) { while(isset($this->xmlElements[$this->xmlCurrentRow $this->xmlRowDiff]) || ($this->xmlElementsCount $this->xmlCurrentRow && $this->InitXml...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/field_list.php

Size: 58.09 kB Created: 2021-09-03 11:52:11 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$n''return "OFFER_".$n;'), $removeFields)); foreach($arGroupsTmp as $k2=>$v2) { foreach($v2['items'] as $k=>$v) { if(in_array($k$removeFields)) unset($arGroupsTmp[$k2]['items'][$k]); } } $arGroups = array(); foreach(array('prop''offer_prop') as $groupCode) { if(array_key_exists($groupCode$arGroupsTmp)) { $arGroups[$groupCode] = $arGroupsTmp[$groupCode]; unset($arGroupsTmp[$groupCode]); } } foreach($arGroupsTmp as $groupCode=>$groupVal) { $arGroups[$groupCode] = $groupVal...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/lib/utils.php

Size: 116.87 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:10 Warns: 3
Description | Match

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

create_function('$k,$v''return "\"".addcslashes($k, "\"")."\":\"".addcslashes($v, "\"")."\"";'), array_keys($arParams['VARS']), array_values($arParams['VARS']))).'}'; } } if(isset($arParams['FILELINK'])) { $path $arParams['FILELINK']; if(!empty($arParams['VARS']) && $arParams['PAGEAUTH']) { $redirectCount 0$location trim($arParams['PAGEAUTH']); while(strlen($location)>&& $redirectCount<=5) { $client = new \Bitrix\Main\Web\HttpClient(array('disableSslVerification'=>true'redirect'=>f...

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($expression.';'); } elseif(preg_match('/\$val\s*=/'$expression)) { eval($expression.';'); return $val; } else { return eval('return '.$expression.';'); } }catch(\Exception $ex){ return $altReturn; } } public static function ShowFilter($sTableID$IBLOCK_ID$FILTER) { global $APPLICATION; \CJSCore::Init('file_input'); $sf 'FILTER'Loader::includeModule('iblock'); $bCatalog Loader::includeModule('catalog'); if($bCatalog) { $arCatalog = \CCatalog::GetByID($IBLOCK_ID); if($arCatalog) { ...

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec('unzip "'.$archiveFn.'" -d '.$tmpsubdir); } elseif($arFile['type']=='application/zip'self::CorrectEncodingForExtractDir($tmpsubdir); } $arFile = array(); if(!is_array($path)) $urlComponents parse_url($path); else $urlComponents = array(); if(isset($urlComponents['fragment']) && strlen($urlComponents['fragment']) > 0) { $fn $tmpsubdir.ltrim($urlComponents['fragment'], '/'); $arFiles = array($fn); if((strpos($fn'*')!==false || (strpos($fn'{')!==false && strpos($fn'}')!==false)) &&...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_group_offproperty.php

Size: 9.96 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:10 Dangers: 1
Description | Match

Exploit execution Line: 27 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['MAP'])

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_cron_settings.php

Size: 15.39 kB Created: 2021-03-01 14:07:46 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec($phpPath.' -v'$arPhpLines); if(is_array($arPhpLines) && isset($arPhpLines[0]) && preg_match('/PHP\s*([\d\.]+)/i'$arPhpLines[0], $m) && !isset($arVersions[$m[1]])) { $res $m[1]; } } echo $res; die(); } if(!defined('NO_AGENT_CHECK')) define('NO_AGENT_CHECK'true); require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_before.php"); $moduleId 'esol.importxml'CModule::IncludeModule('iblock'); CModule::IncludeModule($moduleId); IncludeModuleLangFile(__FILE__...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_group_section.php

Size: 6.89 kB Created: 2021-09-03 11:52:11 Modified: 2024-04-22 10:35:10 Dangers: 1
Description | Match

Exploit execution Line: 29 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['MAP'])

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_field_settings.php

Size: 88.98 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:10 Warns: 1 Dangers: 1
Description | Match

Exploit execution Line: 326 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['POSTSTRUCT'])

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('$arFieldsParamsInArray = &$P'.$fNameEval.';'); $arFieldsParamsInArray $arFieldParams; } if($_POST['action']) define('PUBLIC_AJAX_MODE''Y'); if($_POST['action']=='export_conv_csv') { $arExtra = array(); \Bitrix\EsolImportxml\Extrasettings::HandleParams($arExtra, array(array('CONVERSION'=>$_POST['CONVERSION'], 'EXTRA_CONVERSION'=>$_POST['EXTRA_CONVERSION'])), false); while(is_array($arExtra) && isset($arExtra[0])) $arExtra $arExtra[0]; $arConv $arExtraConv = array(); if(is_array($arE...

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_group_property.php

Size: 10.61 kB Created: 2021-09-03 11:52:13 Modified: 2024-04-22 10:35:10 Dangers: 1
Description | Match

Exploit execution Line: 27 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['MAP'])

/var/www/lesiak/lesia.ua/bitrix/modules/esol.importxml/admin/import_xml_field_settings_hl.php

Size: 39.00 kB Created: 2021-03-01 14:07:46 Modified: 2024-04-22 10:35:10 Warns: 1 Dangers: 1
Description | Match

Exploit execution Line: 108 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_POST['POSTSTRUCT'])

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('$arFieldsParamsInArray = &$P'.$fNameEval.';'); $arFieldsParamsInArray $arFieldParams; } if($_POST['action']=='save' && is_array($_POST['EXTRASETTINGS'])) { define('PUBLIC_AJAX_MODE''Y'); $APPLICATION->RestartBuffer(); if(ob_get_contents()) ob_end_clean(); \Bitrix\EsolImportxml\Extrasettings::HandleParams($PEXTRASETTINGS$_POST['EXTRASETTINGS']); preg_match_all('/\[([_\d]+)\]/'$_GET['field_name'], $keys); $oid 'field_settings_'.$keys[1][0]; $returnJson = (empty($PEXTRASETTINGS[$key...

/var/www/lesiak/lesia.ua/bitrix/modules/bitrixcloud/install/examples/bitrixcloud_backup_list_files.php

Size: 1.04 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
Description | Match

Exploit execution Line: 4 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

/var/www/lesiak/lesia.ua/bitrix/modules/bitrixcloud/install/examples/bitrixcloud_backup_read_file.php

Size: 3.34 kB Created: 2020-09-26 01:18:47 Modified: 2024-04-22 10:35:10 Dangers: 1
Description | Match

Exploit execution Line: 4 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/block.php

Size: 112.12 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1 Dangers: 1
Description | Match

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval('?>' $content '<?'); } catch (\ParseError $e) { $errMessage $this::getMessageBlock([ 'MESSAGE' => Loc::getMessage('LANDING_BLOCK_MESSAGE_ERROR_EVAL') ]); if ($params['wrapper_show']) { echo '<div id="' $anchor '" class="block-wrapper' . (!$this->active ' landing-block-deactive' '') . '">' $errMessage '</div>'; } else { echo $errMessage; } } } } elseif ($this->active || $params['force_unactive']) { static $sysPages null; if ($sysPages === null) { $sysPages = array(); fore...

Sign 11413268 Line: 2654 Dangerous

Malware Signature (hash: 11413268)

eval('?>

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/b24button.php

Size: 5.33 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $code = \htmlspecialcharsbx(trim($this->fields['CODE'])); if ($code != 'N') { Landing\Manager::setPageView'BeforeBodyClose''<script data-skip-moving="true">
                    (function(w,d,u,b){ \'use strict\';
                    var s=d.createElement(\'script\');var r=(Date.now()/1000|0);s.async=1;s.src=u+\'?\'+r;
                    var h=d.getElementsByTagName(\'script\')[0];h.parentNode.insertBefore(s,h);
                })(window,document,\'' 
$code '\');
                </script>' 
); if ($this->fields[...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/up.php

Size: 855.00 B Created: 2020-12-18 00:02:03 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $assets Assets\Manager::getInstance(); $assets->addAsset('landing_upper')

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/pixelvk.php

Size: 1.89 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $counter = \htmlspecialcharsbx(trim($this->fields['COUNTER'])); $counter = \CUtil::jsEscape($counter); if ($counter) { Cookies::addCookieScript'vkp''!function(){
                    var t=document.createElement("script");
                    t.type="text/javascript",
                    t.async=!0,
                    t.src="https://vk.com/js/api/openapi.js?160",
                    t.onload=function(){VK.Retargeting.Init("' 
$counter '"),
                    VK.Retargeting.Hit()},document.head.appendChild(t)
                }();' 
); Manager::...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/view.php

Size: 2.18 kB Created: 2021-09-03 11:55:00 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if ($this->execCustom()) { return; } $type trim($this->fields['TYPE']); $bodyClass ''$mainClasses ''; if ($type === 'ltr') { $bodyClass 'landing-viewtype--ltr'$mainClasses 'g-pt-6 g-px-10 g-pt-30--md g-px-50--md'; } elseif ($type === 'all') { $bodyClass 'landing-viewtype--all'$mainClasses 'g-py-6 g-px-10 g-py-30--md g-px-50--md'; } elseif ($type === 'mobile') { $bodyClass 'landing-viewtype--mobile'$mainClasses 'mx-auto'; } elseif ($type === 'adaptive') { ...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/gmap.php

Size: 1.71 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $code HtmlFilter::encode(trim($this->fields['CODE'])); $assets Asset::getInstance(); $assets->addString"<script defer>
                (function(){
                    'use strict';
                    //fake function, if API will loaded fasten than blocks
                    window.onGoogleMapApiLoaded = function(){}
                })();
            </script>" 
); $assets->addString'<script defer src="https://maps.googleapis.com/maps/api/js?key=' $code '&callback=onGoogleMapApiLoaded"></script>' )

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/robots.php

Size: 1.17 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { return $this->fields['CONTENT']->getValue()

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/theme.php

Size: 10.64 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 2
Description | Match

Exploit concat_vars_array Warning

Concatenation of arrays technique is usually used for the obfuscation of malicious code

$color[0] . $color[1] . $color[1] . $color[2] . $color[2] . $color[3] . $color[3]; }

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void $defaultColors self::getColorCodes(); $request Application::getInstance()->getContext()->getRequest(); if ($request->get('color')) { $colorHex $request->get('color'); } elseif ( ($themeCodeFromRequest $request->get('theme')) && array_key_exists($themeCodeFromRequest$defaultColors) ) { $themeCode $themeCodeFromRequest$colorHex $defaultColors[$themeCodeFromRequest]['color']; } else { $colorHex HtmlFilter::encode(trim($this->fields['COLOR']->getValue())); if (!$colo...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/favicon.php

Size: 2.54 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $picture intval($this->fields['PICTURE']->getValue()); if ($picture 0) { $icons ''$sizes = array('16x16''32x32''96x96'); foreach ($sizes as $size) { list($w$h) = explode('x'$size); $file = \CFile::resizeImageGet( \Bitrix\Landing\File::getFileArray($picture), array( 'width' => $w'height' => $h ), BX_RESIZE_IMAGE_EXACT ); $srcExplode explode('.'$file['src']); $ext array_pop($srcExplode); $icons .= '<link rel="icon" type="image/'...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/settings.php

Size: 8.51 kB Created: 2021-09-03 11:55:00 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { } public static function getDataForSite($id null) { static $settings = array(); if (isset($settings[$id])) { return $settings[$id]; } $settings[$id] = array(); if ($id) { $hooks Hook::getData$idHook::ENTITY_TYPE_SITE ); } foreach (self::getDefaultValues() as $key => $defValue) { if (isset($hooks['SETTINGS'][$key])) { $settings[$id][$key] = $hooks['SETTINGS'][$key]; } else { $settings[$id][$key] = $defValue; } } if (!Manager::isB24()) { $settings[$id]['IBLOCK_ID'] = isset($hooks[...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/background.php

Size: 4.06 kB Created: 2021-09-03 11:55:12 Modified: 2024-04-22 10:35:10 Warns: 1
Description | Match

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $picture = \htmlspecialcharsbx(trim($this->fields['PICTURE']->getValue())); $color = \htmlspecialcharsbx(trim($this->fields['COLOR']->getValue())); $position trim($this->fields['POSITION']->getValue()); $this->setBackground($picture$color$position); } public static function setBackground(?string $picture, ?string $color null, ?string $position null): void { if ($picture && is_numeric($picture) && (int)$picture 0) { $picture = \htmlspecial...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/copyright.php

Size: 1.12 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Line: 65 Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec()

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/speed.php

Size: 2.74 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if (Landing::getEditMode()) { $this->disableWebpack(); } else { $this->execWebpack(); $this->execLazyLoad(); } } protected function disableWebpack(): void $assets Assets\Manager::getInstance(); $assets->setStandartMode(); } protected function execWebpack(): void $assets Assets\Manager::getInstance(); if ($this->fields['USE_WEBPACK']->getValue() !== 'N') { $assets->setWebpackMode(); } else { $assets->setStandartMode(); } } protected function execLazyLoad(): void { if ($this...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metaog.php

Size: 4.26 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $output ''$files = []; $tags = [ 'title' => \htmlspecialcharsbx(Seo::processValue('title'$this->fields['TITLE'])), 'description' => \htmlspecialcharsbx(Seo::processValue('description'$this->fields['DESCRIPTION'])), 'image' => trim($this->fields['IMAGE']), 'type' => 'website' ]; foreach (['og''twitter'] as $rootTag) { foreach ($tags as $key => $val) { if ($key == 'image' && intval($val) > 0) { $val intval($val); if (!array_key_exists($val,...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/pixelfb.php

Size: 3.67 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $counter null$businessPixel $this->getBusinessPixel(); if ($this->fields['USE']->getValue() === 'Y') { $counter = \htmlspecialcharsbx(trim($this->fields['COUNTER'])); $counter = \CUtil::jsEscape($counter); } if (!$counter || $counter === $businessPixel) { $counter $businessPixel$businessPixel null; } if ($counter) { Cookies::addCookieScript'fbp''!function(f,b,e,v,n,t,s)
                {if(f.fbq)return;n=f.fbq=function(){n.callMethod?
                n.callM...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/gacounter.php

Size: 3.60 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } if ($this->fields['USE']->getValue() != 'Y') { return; } $this->setCounter($this->fields['COUNTER']); $sendData = []; if ($this->fields['SEND_CLICK']->getValue() == 'Y') { $sendData[] = 'click'; } if ($this->fields['SEND_SHOW']->getValue() == 'Y') { $sendData[] = 'show'; } if (!empty($sendData)) { \Bitrix\Landing\Manager::setPageView'BodyTag'' data-event-tracker=\'' json_encode($sendData) . '\'' ); $clickType $this->fields['CLICK_TYPE']->getV...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metamain.php

Size: 2.42 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $title = \htmlspecialcharsbx(Seo::processValue('title'$this->fields['TITLE'])); $description Seo::processValue('description'$this->fields['DESCRIPTION']); $keywords Seo::processValue('keywords'$this->fields['KEYWORDS']); if ($title != '') { Manager::setPageTitle($title); } if ($description != '') { Manager::getApplication()->setPageProperty'description'$description ); } if ($keywords != '') { Manager::getApplication()->setPageProperty( ...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/cssblock.php

Size: 1.73 kB Created: 2020-12-18 00:02:03 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $cssCode trim($this->fields['CODE']); $cssFile trim($this->fields['FILE']); if ($cssCode != '') { echo '<style type="text/css">' $cssCode '</style>'; } if ($cssFile != '') { echo '<link href="' . \htmlspecialcharsbx($cssFile)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metarobots.php

Size: 1.16 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } if (\Bitrix\Landing\Landing::getPreviewMode()) { $use 'N'; } else { $use $this->fields['INDEX']->getValue(); } \Bitrix\Main\Page\Asset::getInstance()->addString'<meta name="robots" content="' . ($use != 'N' 'all' 'noindex') . '" />' )

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/yacounter.php

Size: 2.70 kB Created: 2021-09-03 11:53:33 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } if ($this->fields['USE']->getValue() != 'Y') { return; } $this->setCounter($this->fields['COUNTER']); } public static function setCounter(string $counter): void $counter = \htmlspecialcharsbx(trim($counter)); $counter = \CUtil::jsEscape($counter); if (!$counter) { return; } Cookies::addCookieScript'ym''(function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)};
            m[i].l=1*new Date();k=e.createElement(t),a=e.getElements...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/themefonts.php

Size: 10.95 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if ($this->execCustom()) { return; } $this->setThemeFont(); $this->setHFontTheme(); $this->setSize(); $this->setColors(); $this->setTypo(); } protected function getField(string $name): ?string { if ($field $this->fields[$name]->getValue()) { return HtmlFilter::encode(trim($field)); } return self::getDefaultValues()[$name]; } protected static function getDefaultValues(): array { return [ 'CODE' => 'Open Sans''CODE_H' => 'Open Sans''SIZE' => '1''LINE_HEIGHT' => '1.6''FONT_...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/headblock.php

Size: 2.99 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->isLocked()) { return; } if ($this->execCustom()) { return; } $code trim($this->fields['CODE']); if ($code != '') { self::$lastInsertedCode $code$code str_replace'<script''<script data-skip-moving="true"'$code ); \Bitrix\Main\Page\Asset::getInstance()->addString($code)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/gtm.php

Size: 2.33 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $counter = \htmlspecialcharsbx(trim($this->fields['COUNTER'])); $counter = \CUtil::jsEscape($counter); if ($counter) { Cookies::addCookieScript'gtm''(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({\'gtm.start\':new Date().getTime(),event:\'gtm.js\'});
                var f=d.getElementsByTagName(s)[0],
                j=d.createElement(s),
                dl=l!=\'dataLayer\'?\'&l=\'+l:\'\';
                j.async=true;
                j.src=\'https://www.googletagmanager.com/gtm.js?id=\'+i+dl;
                f.parent...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/cookies.php

Size: 5.15 kB Created: 2021-03-31 19:53:52 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if ($this->execCustom()) { return; } if ($this->fields['USE']->getValue() == 'Y') { $infoMode $this->isInformationMode(); if (!$infoMode) { self::$enabled trueManager::clearPageView('Noscript'); } ob_start(); Manager::getApplication()->includeComponent'bitrix:landing.cookies''', [ 'USE' => $this->fields['USE']->getValue(), 'POSITION' => $this->fields['POSITION']->getValue(), 'COLOR_BG' => $this->fields['COLOR_BG']->getValue(), 'COLOR_TEXT' => $this->fields['COLOR_TEXT']-...

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metagoogleverification.php

Size: 1.47 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $meta trim($this->fields['META']); if (preg_match('#^<meta\s+name="google-site-verification"\s+content="[a-z0-9_\-]+"\s+/*>$#i'$meta)) { Manager::setPageView('BeforeHeadClose'$meta)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/fonts.php

Size: 5.17 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if (!self::$setFonts) { return; } $this->fields['CODE'] = str_replace( ['st yle''onl oad''li nk'], ['style''onload''link'], $this->fields['CODE'] ); $styleFound preg_match_all'#(<noscript>.*?<style.*?data-id="([^"]+)"[^>]*>[^<]+</style>)#is'$this->fields['CODE'], $matches ); $fonts = []; if ($styleFound) { $fonts array_combine($matches[2], $matches[1]); } $this->outputFonts($fonts)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/metayandexverification.php

Size: 1.51 kB Created: 2020-09-26 01:19:27 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec() { if ($this->execCustom()) { return; } $meta trim($this->fields['META']); if (preg_match('#^<meta\s+name="yandex-verification"\s+content="[a-z0-9_\-]+"\s+/*>$#i'$meta)) { Manager::setPageView('BeforeHeadClose'$meta)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page/layout.php

Size: 1.53 kB Created: 2021-09-03 11:55:00 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec(): void { if ($this->execCustom()) { return; } $breakpoint trim(HtmlFilter::encode($this->fields['BREAKPOINT'])); if(!$breakpoint) { $breakpoint self::DEFAULT_BREAKPOINT; } Manager::setPageView('MainClass''landing-layout-breakpoint--' $breakpoint)

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/hook/page.php

Size: 4.23 kB Created: 2020-12-18 00:02:08 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Function exec Line: 273 Warning

Potentially dangerous function `exec`

[https://www.php.net/exec]

exec()

/var/www/lesiak/lesia.ua/bitrix/modules/landing/lib/mutator.php

Size: 19.38 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Dangers: 2
DescriptionMatch

Sign 99fc3b9d Line: 1 Dangerous

Malware Signature (hash: 99fc3b9d)

$GLOBALS['____

Sign a408f408 Line: 1 Dangerous

Malware Signature (hash: a408f408)

c3RyX

/var/www/lesiak/lesia.ua/bitrix/modules/landing/options.php

Size: 11.98 kB Created: 2021-11-19 17:08:20 Modified: 2024-04-22 10:35:10 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 225 Warning

Double var technique is usually used for the obfuscation of malicious code

${$name}

/var/www/lesiak/lesia.ua/bitrix/modules/landing/install/components/bitrix/landing.start/lang/en/component.php

Size: 5.31 kB Created: 2020-09-26 01:19:36 Modified: 2024-04-22 10:35:16 Dangers: 1
DescriptionMatch

Sign 301ca578 Line: 28 Dangerous

Malware Signature (hash: 301ca578)

Trojan

/var/www/lesiak/lesia.ua/bitrix/modules/seo/lib/businesssuite/serviceadapter.php

Size: 3.09 kB Created: 2021-09-03 11:55:01 Modified: 2024-04-22 10:35:23 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("
                        class $serviceWrapperClassName extends Bitrix\Seo\BusinessSuite\ServiceWrapper
                            implements
                                Bitrix\Seo\Retargeting\IService,
                                Bitrix\Seo\Retargeting\IMultiClientService,
                                Bitrix\Seo\BusinessSuite\IInternalService
                        {}
                "); return $serviceWrapperClassName::getInstance(); } } } public static function loadFacebookService() { if($serviceWrapper Utils\ServicePool::getService([Service::INSTAGRAM_TYPE,Service::FACEBOOK_TYPE])) { return (new static())->se...

/var/www/lesiak/lesia.ua/bitrix/modules/seo/admin/seo_tools.php

Size: 39.47 kB Created: 2021-09-03 11:55:00 Modified: 2024-04-22 10:35:23 Dangers: 4
DescriptionMatch

Exploit execution Line: 105 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['title_changer_link'])

Exploit execution Line: 109 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['title_final'])

Exploit execution Line: 119 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['title_win_changer_link'])

Exploit execution Line: 123 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

base64_decode($_REQUEST['title_win_final'])

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/fileman.php

Size: 72.84 kB Created: 2021-09-03 11:54:02 Modified: 2024-04-22 10:35:24 Dangers: 1
DescriptionMatch

Exploit execution Line: 250 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/fileman/install/version.php")

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/admin/fileman_js.php

Size: 1.60 kB Created: 2020-12-18 00:01:02 Modified: 2024-04-22 10:35:24 Dangers: 2
DescriptionMatch

Exploit execution Line: 11 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/fileman/lang/'.LANGUAGE_ID.'/admin/fileman_js.php')

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/fileman/lang/en/admin/fileman_js.php')

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/admin/fileman_admin.php

Size: 51.10 kB Created: 2021-09-03 11:54:02 Modified: 2024-04-22 10:35:24 Warns: 1 Dangers: 1
DescriptionMatch

Exploit execution Line: 17 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"]."/bitrix/admin/fileman_access.php")

Function posix_getpwuid Warning

Potentially dangerous function `posix_getpwuid`

[https://www.php.net/posix_getpwuid]

posix_getpwuid(fileowner($fnameConverted)); $arrFileGroup posix_getgrgid(filegroup($fnameConverted)); $showField .= " ".$arrFileOwner['name']." ".$arrFileGroup['name']; } } else $showField "&nbsp;"; } $row->AddField("PERMS"$showField); } $showField ""; if (in_array("PERMS_B"$arVisibleColumns)) { $showField "&nbsp;"; if(($USER->CanDoOperation('fileman_view_permissions') || $USER->CanDoOperation('fileman_edit_all_settings')) && $USER->CanDoFileOperation('fm_view_permission'$arPath)) ...

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/options.php

Size: 66.61 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:24 Dangers: 2
DescriptionMatch

Exploit execution Line: 1053 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/fileman/lang/'.LANGUAGE_ID.'/admin/fileman_js.php')

Exploit execution Line: 1055 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/fileman/lang/en/admin/fileman_js.php')

/var/www/lesiak/lesia.ua/bitrix/modules/fileman/classes/general/editor_utils.php

Size: 8.42 kB Created: 2021-09-03 11:53:40 Modified: 2024-04-22 10:35:24 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($code); echo '#BX_RENDERED_COMPONENT#'$s ob_get_contents(); ob_end_clean(); return $s; } public static function _RenderAllComponents($arParams$bLPA) { global $APPLICATION$USER$s ''$arPHP PHPParser::ParseFile($arParams['source']); $l count($arPHP); if ($l 0) { $new_source ''$end 0$comp_count 0ob_start(); for ($n 0$n<$l$n++) { $src $arPHP[$n][2]; if (mb_substr($src05) == "<?"."php"$src mb_substr($src5); else $src mb_substr($src2); $src m...

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php

Size: 9.56 kB Created: 2021-03-31 19:54:11 Modified: 2024-04-22 10:35:26 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("var result = " data "; "); }
            if (result['status'] == 'inprogress')
            {
                document.getElementById('photogallery_recalc').innerHTML result['text'];
                if (__this_source.bReady == false)
                {
                    document.getElementById('ButtonPhotoGalleryRecalcStart').disabled false;
                    document.getElementById('ButtonPhotoGalleryRecalcContinue').disabled false;
                    document.getElementById('ButtonPhotoGalleryRecalcStop').disabled true;
                }
                else
                {
                    document.getElementById(...

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery.detail.list/templates/slider_big/template.php

Size: 16.33 kB Created: 2021-03-31 19:52:27 Modified: 2024-04-22 10:35:27 Warns: 1
DescriptionMatch

Function eval Line: 338 Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval("div.onclick = function(e){jsUtils.PreventDefault(e); jsUtils.Redirect([], '" res[ii].href "');};");
        res[ii].parentNode.insertBefore(divres[ii]);
        res[ii].onmouseover = function()
        {
            this.previousSibling.onshow();
            this.bxMouseOver 'Y';
        };
        res[ii].onmouseout = function()
        {
            this.bxMouseOver 'N';
            var __this this;
            setTimeout(
                function()
                {
                    if (__this.previousSibling && __this.previousSibling.bxMouseOver != "Y")
                    {
                        __this.previousSibling...

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery/templates/.default/bitrix/blog.post.comment/photogallery/template.php

Size: 29.88 kB Created: 2021-03-31 19:52:27 Modified: 2024-04-22 10:35:27 Dangers: 1
DescriptionMatch

Exploit execution Line: 13 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery.detail.list.ex/templates/.default/template.php

Size: 12.71 kB Created: 2021-11-19 17:07:51 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Exploit infected_comment Line: 110 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

/*width*/

/var/www/lesiak/lesia.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery.detail.list.ex/templates/.default/bitrix/blog.post.comment/photogallery/template.php

Size: 18.81 kB Created: 2021-03-31 19:52:27 Modified: 2024-04-22 10:35:28 Dangers: 2
DescriptionMatch

Exploit execution Line: 144 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/lhe.php")

Exploit execution Line: 30 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER["DOCUMENT_ROOT"].$templateFolder."/script.php")

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/lib/gs.php

Size: 20.24 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:28 Dangers: 1
DescriptionMatch

Exploit execution Line: 382 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].BX_ROOT.'/license_key.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/phpmorphy/phpmorphy-0.3.7/utils/libs/decorator.php

Size: 6.79 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($this->_createClassCode() . " return true;"); } protected function _createClassCode() { $implements ''$interfaces lmbReflectionHelper :: getInterfaces($this->_class); if(function_exists('spl_classes')) $interfaces array_diff($interfaces, array('Traversable')); if(count($interfaces) > 0$implements 'implements ' implode(', '$interfaces); $code "class " $this->_decorator_class " extends " $this->_decorator_base $implements {\n"$code .= "    function __construct(\$...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/phpmorphy/phpmorphy-0.3.7/bin/build_dict.php

Size: 4.81 kB Created: 2020-09-26 01:19:04 Modified: 2024-04-22 10:35:28 Warns: 2
DescriptionMatch

Function proc_close Warning

Potentially dangerous function `proc_close`

[https://www.php.net/proc_close]

proc_close($handle); if($errorcode) { doError"\n\nCommand '" $cmd .'\' exit with code = ' $errorcode ', error = \'' $stderr '\'' ); } echo "OK.\n"; } function get_locale($xml) { $reader = new XMLReader(); if(false === $reader->open($xml)) { return false; } while($reader->read()) { if($reader->nodeType == XMLReader::ELEMENT) { if($reader->localName === 'locale') { $result $reader->getAttribute('name'); $result strlen($result) ? $result false; break; } } } $reader->close(); retur...

Function proc_open Warning

Potentially dangerous function `proc_open`

[https://www.php.net/proc_open]

proc_open($cmd$desc$pipesnullnull$opts))) { doError('Can`t execute \'' $cmd '\' command'); } if(1) { while(!feof($pipes[1])) { fputs(STDOUTfgets($pipes[1])); } } else { stream_copy_to_stream($pipes[1], STDOUT); } $stderr trim(stream_get_contents($pipes[2])); fclose($pipes[1]); fclose($pipes[2]); $errorcode proc_close($handle); if($errorcode) { doError"\n\nCommand '" $cmd .'\' exit with code = ' $errorcode ', error = \'' $stderr '\'' ); } echo "OK.\n"; } function g...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/fonts/Montserrat-Bold.ufm.php

Size: 42.00 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Exploit base64_long Line: 1965 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/fonts/Montserrat-Regular.ufm.php

Size: 42.14 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Exploit base64_long Line: 1969 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/fonts/Montserrat-Italic.ufm.php

Size: 42.07 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Warns: 1
DescriptionMatch

Exploit base64_long Line: 1965 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/php-svg-lib/src/Svg/Style.php

Size: 18.31 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:28 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 434 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/php-css-parser/lib/Sabberworm/CSS/RuleSet/DeclarationBlock.php

Size: 21.81 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Warns: 1
DescriptionMatch

Exploit double_var2 Line: 250 Warning

Double var technique is usually used for the obfuscation of malicious code

${$sPosition}

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/lib/php-css-parser/lib/Sabberworm/CSS/Value/Color.php

Size: 3.90 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Warns: 1
DescriptionMatch

Exploit concat_vars_array Warning

Concatenation of arrays technique is usually used for the obfuscation of malicious code

$sValue[0] . $sValue[0] . $sValue[1] . $sValue[1] . $sValue[2] . $sValue[2] . $sValue[3] . $sValue[3]; }

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/src/Options.php

Size: 26.52 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Dangers: 1
DescriptionMatch

Sign 11413268 Line: 55 Dangerous

Malware Signature (hash: 11413268)

exploit

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/src/Css/Color.php

Size: 9.55 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Dangers: 1
DescriptionMatch

Function strrev eval_strrev Line: 81 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/vendors/dompdf/src/PhpEvaluator.php

Size: 1.31 kB Created: 2020-09-26 01:19:03 Modified: 2024-04-22 10:35:29 Warns: 1
DescriptionMatch

Function eval Warning

Potentially dangerous function `eval`

[https://www.php.net/eval]

eval($code); } public function render(Frame $frame) { $this->evaluate($frame->get_node()->nodeValue)

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/classes/general/lessc.inc.php

Size: 96.44 kB Created: 2020-09-26 01:19:26 Modified: 2024-04-22 10:35:29 Dangers: 2
DescriptionMatch

Function strrev eval_strrev Line: 2182 Dangerous

Encoded Function `eval`

[https://www.php.net/eval]

lave

Function strrev exec_strrev Line: 2111 Dangerous

Encoded Function `exec`

[https://www.php.net/exec]

cexe

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/sale.gift.main.products/main/template.php

Size: 6.74 kB Created: 2020-09-26 01:19:17 Modified: 2024-04-22 10:35:32 Dangers: 2
DescriptionMatch

Exploit clever_include Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"], "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"], "CURRENCY_ID" => $arParams["CURRENCY_ID"], "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"], "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""), "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""), "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""), "OFFER_ADD_PICT_PROP" => (isset($arPara...

Exploit clever_include Line: 78 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
                        "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
                        "CURRENCY_ID" => $arParams["CURRENCY_ID"],
                        "HIDE_NOT_AVAILABLE" => $arParams["HIDE_NOT_AVAILABLE"],
                        "TEMPLATE_THEME" => (isset($arParams["TEMPLATE_THEME"]) ? $arParams["TEMPLATE_THEME"] : ""),

                        "ADD_PICT_PROP" => (isset($arParams["ADD_PICT_PROP"]) ? $arParams["ADD_PICT_PROP"] : ""),

                        "LABEL_PROP" => (isset($arParams["LABEL_PROP"]) ? $arParams["LABEL_PROP"] : ""),
    ...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/news.detail/news/component_epilog.php

Size: 46.99 kB Created: 2021-11-20 12:57:53 Modified: 2024-04-22 10:35:33 Dangers: 1
DescriptionMatch

Exploit execution Line: 1285 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/component_epilog.php

Size: 68.33 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:34 Dangers: 2
Description | Match

Exploit execution Line: 1404 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1532 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/template.php

Size: 89.22 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:35:34 Dangers: 1
Description | Match

Exploit clever_include Line: 1623 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main2/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:35:34 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:34 Dangers: 2
Description | Match

Exploit execution Line: 1395 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1481 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/template.php

Size: 90.81 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:35:34 Dangers: 1
Description | Match

Exploit clever_include Line: 1619 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
            "USE_PRODUCT_QUANTITY" => 'N',
            "OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arPar...

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main3/epilog_blocks/modules.php

Size: 8.62 kB Created: 2021-11-20 12:57:48 Modified: 2024-04-22 10:35:34 Dangers: 1
Description | Match

Exploit execution Line: 171 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.complect_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/component_epilog.php

Size: 66.29 kB Created: 2021-11-20 12:58:03 Modified: 2024-04-22 10:35:34 Dangers: 2
Description | Match

Exploit execution Line: 1396 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'/include/detail.linked_products_block.php')

Exploit execution Line: 1482 Dangerous

RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP

[https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]

include($_SERVER['DOCUMENT_ROOT'].SITE_DIR.'include/detail.linked_products_block.php')

/var/www/lesiak/lesia.ua/bitrix/modules/aspro.max/install/wizards/aspro/max/site/templates/aspro_max/components/bitrix/catalog.element/main4/template.php

Size: 90.38 kB Created: 2021-11-27 00:56:21 Modified: 2024-04-22 10:35:34 Dangers: 1
Description | Match

Exploit clever_include Line: 1611 Dangerous

LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine

INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
            "CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
            "CURRENCY_ID" => $arParams["CURRENCY_ID"],
            "BASKET_URL" => $arParams["BASKET_URL"],
            "ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
            "PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
            "PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"]