Changed bulletin status to patched.
Exploit availability: Yes [Search exploit]Description
The vulnerability allows a remote attacker to bypass web application firewall.
The vulnerability exists due to insufficient validation of user-supplied input when processing NULL byte character within the Proactive Protection module version 19.0.0 and below in Bitrix Site Manager. A remote attacker can pass specially crafted input to the application that contains a NULL byte (%00) and bypass Web Application Firewall rules.
require($_SERVER["DOCUMENT_ROOT"]."/bitrix/header.php"); $s = $_GET["test"]; ?>Not loaded
Install update from vendor's website.
Update Proactive Protection module to version 20.0.0.Vulnerable software versions
Bitrix Site Manager: 16.0, 16.5, 17.0, 18.0, 19.0, 20.0, 20.0.950CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.