Vulnerabilities in third-party modules for 1C-Bitrix: a threat to website security | ONELAB

Vulnerabilities in third-party modules for 1C-Bitrix: a threat to website security

11.04.2025

Recently, critical vulnerabilities were discovered in several third-party modules installed on the 1C-Bitrix platform for importing, exporting, and bulk editing data. These modules are not part of the 1C-Bitrix core and are often not updated in a timely manner, making them an attractive target for hackers.

What exactly is at risk?

The vulnerabilities affected modules from two developers:

Module                  | Purpose                          | Developer
------------------------+----------------------------------+---------------------------------------------
kda.importexcel         | Excel data import                | LLC “KDA Bitrix” (kdasoft.ru)
kda.exportexcel         | Excel data export                | LLC “KDA Bitrix” (kdasoft.ru)
esol.massedit           | Bulk element editing             | Esol – Easy Solutions (esolutions.su)
esol.importxml          | XML file import                  | Esol – Easy Solutions (esolutions.su)
esol.importexportexcel  | Excel import/export              | Esol – Easy Solutions (esolutions.su)
esol.allimportexport    | All types of imports and exports | Esol – Easy Solutions (esolutions.su)

How the hack happens

Attackers exploit vulnerabilities in the administrative scripts of these modules: the poorly protected cron-settings scripts in each module's admin directory give them a foothold on the server, from which they upload malicious files and execute arbitrary PHP code.

In practice, a module installed long ago with open access and unrestricted file permissions becomes a backdoor, especially if it is neither updated nor monitored.


How to protect your site

1. Restore correct access permissions

Run the script to set secure permissions and file ownership:

```bash
#!/bin/bash
# Run as root!
DOCROOT="/home/bitrix/www"

# Administrative scripts of the affected modules, relative to DOCROOT
FILES=(
  "/bitrix/modules/esol.allimportexport/admin/cron_settings.php"
  "/bitrix/modules/esol.importexportexcel/admin/iblock_export_excel_cron_settings.php"
  "/bitrix/modules/esol.importexportexcel/admin/iblock_import_excel_cron_settings.php"
  "/bitrix/modules/esol.importxml/admin/import_xml_cron_settings.php"
  "/bitrix/modules/esol.massedit/admin/profile.php"
  "/bitrix/modules/kda.exportexcel/admin/iblock_export_excel_cron_settings.php"
  "/bitrix/modules/kda.importexcel/admin/iblock_import_excel_cron_settings.php"
)

for file in "${FILES[@]}"; do
  FULLPATH="$DOCROOT$file"
  echo "Processing: $FULLPATH"
  if [ ! -f "$FULLPATH" ]; then
    echo "File missing: $FULLPATH"
    continue
  fi
  chattr -i "$FULLPATH" 2>/dev/null   # drop the immutable flag, if one was set
  chmod 644 "$FULLPATH"               # owner read/write, everyone else read-only
  chown bitrix:bitrix "$FULLPATH"     # hand the file back to the Bitrix user
  echo "Secured: $FULLPATH"
done
echo "Done."
```

How to use:

```bash
wget -O fix_permissions.sh https://onehost.kz/fix_permissions
chmod +x fix_permissions.sh
./fix_permissions.sh
```
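The script above changes the files in place; what it does not tell you is whether anything had drifted from that state before it ran, or whether it drifts again later. The read-only audit below is an added example written for this article, not ONELAB's fix_permissions.sh or code from either module vendor. It checks the same seven files for the state the fix script establishes (mode 0644, owned by bitrix, no immutable attribute) and, because the article says the attackers upload files once inside, also lists recently written .php files under the Bitrix /upload directory. It assumes GNU coreutils `stat`, an optional `lsattr`, and a default DOCROOT of /home/bitrix/www; the expected owner may be given as a name or a numeric uid.

```shell
#!/bin/bash
# Added audit example (not ONELAB's script). Read-only: reports deviations, changes nothing.
# Usage: DOCROOT=/home/bitrix/www ./audit_modules.sh --audit
DOCROOT="${DOCROOT:-/home/bitrix/www}"      # assumption: standard Bitrix document root
EXPECTED_OWNER="${EXPECTED_OWNER:-bitrix}"  # name or numeric uid

# Same administrative scripts that fix_permissions.sh secures (relative to DOCROOT)
AFFECTED_FILES="
/bitrix/modules/esol.allimportexport/admin/cron_settings.php
/bitrix/modules/esol.importexportexcel/admin/iblock_export_excel_cron_settings.php
/bitrix/modules/esol.importexportexcel/admin/iblock_import_excel_cron_settings.php
/bitrix/modules/esol.importxml/admin/import_xml_cron_settings.php
/bitrix/modules/esol.massedit/admin/profile.php
/bitrix/modules/kda.exportexcel/admin/iblock_export_excel_cron_settings.php
/bitrix/modules/kda.importexcel/admin/iblock_import_excel_cron_settings.php
"

# check_file PATH OWNER
# Prints one report line. Returns 0 if the file is 0644, owned by OWNER and not
# immutable; 1 if it deviates in any of those respects; 2 if it does not exist
# (the module is simply not installed).
check_file() {
  local path="$1" owner="$2" mode uname_ uid_ attrs reasons
  if [ ! -f "$path" ]; then
    printf 'ABSENT    %s\n' "$path"
    return 2
  fi
  mode=$(stat -c '%a' "$path")
  uname_=$(stat -c '%U' "$path")
  uid_=$(stat -c '%u' "$path")
  attrs=
  if command -v lsattr >/dev/null 2>&1; then
    # lsattr prints the flag string first; 'i' in it means chattr +i was applied
    attrs=$(lsattr -d "$path" 2>/dev/null | awk '{print $1}')
  fi
  reasons=
  [ "$mode" = 644 ] || reasons="$reasons mode=$mode"
  if [ "$uname_" != "$owner" ] && [ "$uid_" != "$owner" ]; then
    reasons="$reasons owner=$uname_"
  fi
  case "$attrs" in *i*) reasons="$reasons immutable" ;; esac
  if [ -n "$reasons" ]; then
    printf 'DEVIATES  %s (%s)\n' "$path" "${reasons# }"
    return 1
  fi
  printf 'OK        %s\n' "$path"
  return 0
}

# audit_affected_files DOCROOT OWNER
# Runs check_file over every affected module script. Returns 0 when every
# present file is in the expected state, 1 when at least one deviates.
audit_affected_files() {
  local docroot="$1" owner="$2" bad=0 rel rc
  for rel in $AFFECTED_FILES; do
    rc=0
    check_file "$docroot$rel" "$owner" || rc=$?
    if [ "$rc" -eq 1 ]; then bad=1; fi
  done
  return "$bad"
}

# recent_php_in_upload DOCROOT [DAYS]
# Lists .php files written under DOCROOT/upload within the last DAYS days
# (default 7). A web-writable upload tree should not normally gain PHP files.
recent_php_in_upload() {
  local docroot="$1" days="${2:-7}"
  find "$docroot/upload" -type f -name '*.php' -mtime "-$days" 2>/dev/null
}

case "${1:-}" in
  --audit)
    audit_affected_files "$DOCROOT" "$EXPECTED_OWNER"; rc=$?
    echo "Recently written PHP under $DOCROOT/upload (last 7 days):"
    recent_php_in_upload "$DOCROOT" 7
    exit "$rc"
    ;;
esac
```

Run it with `--audit` before and after fix_permissions.sh, and again from cron: a non-zero exit means a file went back to a permissive mode, changed owner, or was made immutable, which is worth investigating rather than silently re-fixing. ABSENT lines only say the module is not present on disk and do not affect the exit status.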

2. Install the security patch

It is also recommended to apply the patch:

```bash
wget -O patch.php https://onehost.kz/patch
```

Upload patch.php to the site root and open in a browser:

```
https://your_site/patch.php
```

⚠ Note: phar support must be enabled in PHP for the patch to run.


Conclusion

  • The vulnerabilities were found not in 1C-Bitrix, but in third-party modules from external developers.
  • Modules by LLC “KDA Bitrix” and Esol – Easy Solutions can become an attack vector, especially if they were installed long ago and never updated.
  • Check the modules installed on your site, remove unnecessary ones, restrict access to scripts, and apply security fixes.

Regularly update third-party solutions, even if they “just work”. Security requires attention.
