Bitrix

Architecture

Security

• In April 2006, the magazine "Hacker" published an article about CAPTCHA hacking in "1C-Bitrix: Site Management".
• In December 2013, information was published about a vulnerability in the e-Store module that allows attackers to learn a user's cookie and manage their shopping cart, removing and adding products. The vulnerability was given the number CVE-2013-6788. It has been fixed as of version 14.0.1.
• The CVE-2015-8357 vulnerability in the xscan module was published in November 2015. The vulnerability allows users to rename arbitrary files, access confidential data, and cause denial of service. The vulnerability has been fixed since xscan 1.0.4.
• In 2015, a critical CVE-2015-8358 vulnerability was found in the mpbuilder module. The vulnerability allows remote access outside the home directory, enabling remote code execution. Versions of the mpbuilder module below 1.0.12 are affected.
• In February 2018, 1C-Bitrix updated its certificates from the FSTEC of Russia. The absence of undeclared Level 4 capabilities (NDV-4) was recorded. The updated certificates will be valid until 2020.

Awards and ratings

• According to the research agency Data Insight in 2017, 1C-Bitrix is recognized as the most popular CMS among Russian online stores with a share of 28.7% of the total CMS market.
• In October 2018, 1C-Bitrix entered the ranking of the most popular CMS in the world according to W3Techs with a share of 1% of the market.
• According to the research agency Data Insight, 1C-Bitrix: Site Management is the most popular CMS among online pharmacies in Russia in 2018.
• In 2019, 1C-Bitrix took the fifteenth position in the "20 Most Expensive Runet Companies - 2019" ranking published by Forbes magazine. According to experts' estimates, the company's value in 2019 was $106 million.