Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.
References
Link | Resource |
---|---|
https://starlabs.sg/advisories/23/23-1713/ | Exploit Third Party Advisory |
https://starlabs.sg/advisories/23/23-1713/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://starlabs.sg/advisories/23/23-1713/ - Exploit, Third Party Advisory |
09 Nov 2023, 20:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
CPE | cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:* | |
References | (MISC) https://starlabs.sg/advisories/23/23-1713/ - Exploit, Third Party Advisory | |
First Time |
Bitrix24 bitrix24
Bitrix24 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
01 Nov 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-01 10:15
Updated : 2024-11-21 07:39
NVD link : CVE-2023-1713
Mitre link : CVE-2023-1713
CVE.ORG link : CVE-2023-1713
JSON object : View
Products Affected
bitrix24
- bitrix24
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type