5 matches found
CVE-2023-1714
Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via 1 appending arbitrary content to existing PHP files or 2 PHAR deserialization...
CVE-2023-1714
creationtimestamp| type| source ---|---|--- 2023-11-04 17:44:37+00:00| seen| Telegram/993IQTAEI9abMkOWl8mkHJFNRp2-d18TbGN-UxF0pN3nA 2023-11-04 22:44:13+00:00| seen| https://t.me/poxek/3380 2023-11-04 23:56:08+00:00| seen| https://t.me/bhcat/192 2023-11-06 16:50:46+00:00| published-proof-of-concep...
CVE-2023-1714
Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via 1 appending arbitrary content to existing PHP files or 2 PHAR deserialization...
CVE-2023-1714 Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction
Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via 1 appending arbitrary content to existing PHP files or 2 PHAR deserialization...
CVE-2023-1714
CVE-2023-1714 affects Bitrix24 22.0.300; the vulnerability is an unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php, enabling remote authenticated attackers to execute arbitrary code via (1) appending content to existing PHP files or (2) PHAR deserialization. Conne...