Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.
References
Link | Resource |
---|---|
https://starlabs.sg/advisories/23/23-1713/ | Exploit Third Party Advisory |
https://starlabs.sg/advisories/23/23-1713/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-01 10:15
Updated : 2024-11-21 07:39
NVD link : CVE-2023-1713
Mitre link : CVE-2023-1713
CVE.ORG link : CVE-2023-1713
JSON object : View
Products Affected
bitrix24
- bitrix24
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type