Security Advisory

CVE-2023-1714

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-01 09:02:47

Last updated 2024-09-05 19:54:40

Assigner STAR_Labs

State PUBLISHED

Description

Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.

← Browse all CVEs View on cve.org ↗