CVE-2022-50911

Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

16 Jan 2026, 15:15

Type	Values Removed	Values Added
Summary	(en) Bitrix24 contains an authenticated remote code execution vulnerability that allows logged-in attackers to execute arbitrary system commands through the PHP command line admin interface. Attackers can leverage the vulnerability by sending crafted POST requests to the administrative endpoint with system commands to execute code with the web application's privileges.	(en) Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
CWE	~~CWE-862~~
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : unknown
References	~~{'url': 'https://www.bitrix24.com/apps/desktop.php', 'source': 'disclosure@vulncheck.com'}~~ ~~{'url': 'https://www.exploit-db.com/exploits/50898', 'source': 'disclosure@vulncheck.com'}~~ ~~{'url': 'https://www.vulncheck.com/advisories/bitrix-remote-code-execution-rce-authenticated', 'source': 'disclosure@vulncheck.com'}~~

13 Jan 2026, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-13 23:15

Updated : 2026-01-16 15:15

NVD link : CVE-2022-50911

Mitre link : CVE-2022-50911

CVE.ORG link : CVE-2022-50911

JSON object : View

Products Affected

No product.

CWE

No CWE.