Bitrix Site Manager subscr_form.php Path Disclosure
Remote / Network Access
Loss of Confidentiality
Bitrix Site Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when errors occur during execution of subscr_form.php due to invalid user input, which will disclose web server path information resulting in a loss of confidentiality.
Upgrade to version 4.09 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.