The vulnerability in the `bitrix/modules/main/classes/general/user_options.php` file of the `main` module of the Bitrix24 business management service allows a hacker to execute arbitrary code and gain increased privileges.

The vulnerability of the bitrix/modules/main/classes/general/useroptions.php file in the Bitrix24 business management module is related to improper external manipulation of the file’s name or path. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and...

PT-2023-6687

Name of the Vulnerable Software and Affected Versions Bitrix24 version 22.0.300 Description An unsafe variable extraction issue exists in the bitrix/modules/main/classes/general/user options.php file. This allows remote authenticated attackers to execute arbitrary code through two methods:...