Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.
References
Link | Resource |
---|---|
https://starlabs.sg/advisories/23/23-1714/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: STAR_Labs
Published: 2023-11-01T09:02:47.607Z
Updated: 2023-11-01T09:02:47.607Z
Reserved: 2023-03-30T09:15:34.398Z
Link: CVE-2023-1714
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-01T10:15:09.050
Modified: 2023-11-09T20:38:00.327
Link: CVE-2023-1714
JSON object: View
Redhat Information
No data.
CWE